Fortinet warns of 5-year-old FortiOS 2FA bypass still exploited in attacks

Fortinet is warning that a 2FA bypass vulnerability (CVE-2020-12812) in FortiOS that has existed for five years is still being actively exploited by attackers. This flaw allows threat actors to bypass two-factor authentication on vulnerable FortiGate firewalls by manipulating the case of a username, particularly when LDAP is enabled and misconfigured. The vulnerability was patched in July 2020, but its continued exploitation highlights the ongoing risks to systems that have not been updated or properly secured.