Old FortiOS flaw sees renewed exploitation.

Fortinet says attackers are once again abusing a 2020 authentication bug that lets users bypass two‑factor prompts under specific LDAP configurations. The issue stems from case‑sensitivity differences between FortiGate and LDAP, allowing altered username casing to suppress the 2FA requirement. Only environments with particular group and authentication setups are exposed, and Fortinet warns that any affected systems should be treated as compromised with all credentials reset. Patches have long been available, and the company urges organizations to update and remove unnecessary LDAP groups to prevent further misuse.

Read more:

https://www.securityweek.com/fortinet-warns-of-new-attacks-exploiting-old-vulnerability/