InfoSecBulletin Cybersecurity for mankind
Over 10,000 Fortinet firewalls globally are still vulnerable to CVE-2020-12812, a flaw that allows bypassing multi-factor authentication (MFA) and was revealed over five years ago. Shadowserver added this issue to its daily Vulnerable HTTP Report.
CVE-2020-12812 is due to inadequate authentication in FortiOS SSL VPN portals, impacting versions 6.4.0, 6.2.0 to 6.2.3, and 6.0.9 or earlier. Attackers can bypass the second authentication factor, typically FortiToken, by simply altering the case of a legitimate username, such as changing “user” to “User,” during login.
LastPass says hackers stole customer data via Klue, supply chain breach
New Apple Exploit Bypasses Boot Defenses, Possibly Affects Millions of iPhones Worldwide
India’s Tata Electronics hit by cyber breach: Hacker target 630 GB record
Anthropic’s Mythos reportedly broke NSA classified systems in hours
OpenAI New Method “Deployment Simulation” Predicts AI Risks Before Deployment
AryStinger botnet infected thousands of D-Link routers globally
Hacker suspected of sending alerts across Brazil
CyberSentinel AI features 33 security tools like Nmap, SQLMap, and ZAP, utilizing Claude and GPT
Barracuda hosts Dhaka roundtable on cyber resilience
CISA Alerts Fortinet Users as FortiBleed Affects 86,644 FortiGate Devices
This happens because FortiGate treats local usernames as case-sensitive, while LDAP servers (like Active Directory) often ignore case, allowing authentication via group membership without prompting for MFA.
In December 2025, Fortinet issued a PSIRT advisory (FG-IR-19-283 update) detailing “recent abuse” of the vulnerability in the wild, tied to specific configurations: local FortiGate users with MFA enabled, linked to LDAP, and belonging to LDAP groups mapped to authentication policies for SSL VPN, IPsec, or admin access.
Shadowserver’s scans show the flaw is still present as scan on 2025-12-31. Shadowserver’s dashboard shows more than 10,000 vulnerable instances as of early January 2026. The U.S. has the most with 1.3K exposed firewalls, followed by Thailand (909), Taiwan (728), Japan (462), and China (462).
A world map visualization highlights dense clusters in North America, East Asia, and Europe, with lighter exposure in Africa and parts of South America.
Fortinet advises upgrading to FortiOS versions 6.0.10+, 6.2.4+, or 6.4.1+ and checking configurations to prevent hybrid local-LDAP MFA issues.
