Authentication Bypass Operational Risk
Authentication bypass vulnerabilities and operational remediation failures demonstrating persistent security gaps in patching critical infrastructure despite five years of available fixes and documented exploitation
-
Fortinet FortiOS CVE-2020-12812: Five-Year-Old 2FA Bypass Affecting 9,700+ Exposed Firewalls Under Active Exploitation
A five-year-old 2FA bypass vulnerability in Fortinet FortiOS continues to plague enterprise perimeter security. Over 9,700 unpatched FortiGate instances remain exposed globally as of January 2026, with active exploitation confirmed. An attacker can bypass two-factor authentication by simply altering username case and exploiting misconfigured LDAP group authentication—a trivial technique that has already been leveraged by…