551/68 Friday, December 26, 2025

Fortinet has issued a security warning after detecting active exploitation of CVE-2020-12812 affecting FortiOS SSL VPN, a vulnerability that allows attackers to bypass two-factor authentication (2FA) by simply altering the letter casing of the username during login. For example, logging in as “Admin” instead of “admin” may allow access without requiring a one-time password (OTP).
The issue stems from an inconsistency in username case-sensitivity handling between FortiGate, which treats usernames as case-sensitive, and LDAP, which is case-insensitive. In environments where local users with 2FA enabled are integrated with LDAP, entering a username with a different letter case than the one stored can cause FortiGate to bypass the local user policy enforcing 2FA and instead authenticate the user via a fallback LDAP group, resulting in a successful login without the second authentication factor.
To mitigate the risk, administrators are strongly advised to upgrade FortiOS to a patched version: 6.0.10, 6.2.4, 6.4.1, or later. If an upgrade is not immediately possible, Fortinet recommends the CLI workaround "set username-sensitivity disable". This setting forces the system to treat usernames that differ only in letter casing as the same account, reducing the risk of a 2FA bypass. Additionally, administrators should review authentication logs for any logins that did not trigger 2FA and reset passwords immediately if suspicious activity is detected.
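The log review recommended above, written as an added Python example (not Fortinet's code or the article's) over constructed FortiGate-style key=value lines; the field names (action, user, remip), the "two-factor" event name and the set of 2FA-enforced local users are assumptions, and the check flags both case variants of a protected username and protected-user logins with no preceding token event.

```python
import re

# Added example, not Fortinet's code. Field names below are assumptions that
# loosely follow FortiGate key=value event-log style; lines are constructed.
LOCAL_2FA_USERS = {"admin", "jdoe"}  # local users with 2FA, as configured
SAMPLE_LOGS = """\
date=2025-12-26 time=09:01:25 type=event subtype=vpn action=two-factor user="admin" remip=203.0.113.10 msg="token validated"
date=2025-12-26 time=09:01:26 type=event subtype=vpn action=ssl-login user="admin" remip=203.0.113.10 msg="SSL VPN login success"
date=2025-12-26 time=10:15:02 type=event subtype=vpn action=ssl-login user="Admin" remip=198.51.100.7 msg="SSL VPN login success"
date=2025-12-26 time=11:40:44 type=event subtype=vpn action=ssl-login user="svc_backup" remip=192.0.2.5 msg="SSL VPN login success"
date=2025-12-26 time=12:05:00 type=event subtype=vpn action=ssl-login user="jdoe" remip=203.0.113.44 msg="SSL VPN login success"
"""

KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

def parse_line(line: str) -> dict:
    """Parse one key=value line; quoted values may contain spaces."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in KV_RE.finditer(line)}

def find_suspicious_logins(log_text: str, local_2fa_users: set) -> list:
    """Flag SSL VPN logins that look like a case-mismatch 2FA bypass: the user is
    a case variant of a 2FA-enforced local user (the CVE-2020-12812 pattern), or
    a 2FA-enforced user logged in with no prior token event from the same source.
    """
    canonical = {u.lower(): u for u in local_2fa_users}
    seen_2fa = set()  # (user.lower(), remip) pairs with a prior token event
    findings = []
    for line in log_text.splitlines():
        ev = parse_line(line)
        user, remip = ev.get("user", ""), ev.get("remip", "")
        key = (user.lower(), remip)
        if ev.get("action") == "two-factor":
            seen_2fa.add(key)
            continue
        if ev.get("action") != "ssl-login":
            continue
        expected = canonical.get(user.lower())
        if expected is None:
            continue  # not a 2FA-enforced local user; out of scope here
        if user != expected:
            reason = f"case variant of 2FA-enforced local user {expected!r}"
        elif key not in seen_2fa:
            reason = "no token-validation event before login"
        else:
            continue  # expected user, and a 2FA event preceded the login
        findings.append({"time": ev.get("time"), "user": user, "remip": remip, "reason": reason})
    return findings
```

Run against the constructed sample, the check reports the "Admin" login as a case variant of "admin" and the "jdoe" login as lacking a token event, while the properly challenged "admin" session is not flagged.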
Source: https://thehackernews.com/2025/12/fortinet-warns-of-active-exploitation.html
