Fortinet SSL VPN and FortiGate vulnerabilities under active attack

TL;DR Summary
Fortinet has issued a warning about active exploitation of a five-year-old vulnerability in FortiOS SSL VPN (CVE-2020-12812) that allows attackers to bypass two-factor authentication under certain configurations, especially involving LDAP integration and case-sensitive username matching. Organizations are advised to update their systems or disable username sensitivity to mitigate the risk, and to contact support if they suspect exploitation.
- Fortinet Warns of Active Exploitation of FortiOS SSL VPN 2FA Bypass Vulnerability (The Hacker News)
- Five-year-old Fortinet FortiOS SSL VPN vulnerability actively exploited (Security Affairs)
- Hackers Exploiting Three-Year-Old FortiGate Vulnerability to Bypass 2FA on Firewalls (CybersecurityNews)
- Cybersecurity News: Fortinet VPN exploit, Google gmail change, Aflac breach update (CISO Series)
- Potential attacks threaten over tens of thousands of Fortinet devices (SC Media)