CVE-2020-12812: Fortinet FortiOS SSL VPN Improper Authentication

Fortinet FortiOS SSL VPN Improper Authentication Vulnerability. Fortinet FortiOS SSL VPN contains an improper authentication vulnerability that may allow a user to login successfully without being prompted for the second factor of authentication (FortiToken) if they change the case in their username.

• CISA KEV-listed (remediation due 2022-05-03)
• used in ransomware campaigns
• EPSS 41.9% (97.5% percentile)

Related briefings

• CISA #StopRansomware: Hive Ransomware Claims 1,300+ Victims and $100M in Payments Targeting Healthcare and Critical Infrastructure 2026-02-16

Browse the CVE database

Read the full analysis on IntelFusions