{"vulnerability": "CVE-2021-44166", "sightings": [{"uuid": "2938876b-2e65-4434-8082-3f0499a91d4d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2021-44166", "type": "seen", "source": "https://t.me/cibsecurity/38289", "content": "\u203c CVE-2021-44166 \u203c\n\nAn improper access control vulnerability [CWE-284] in FortiToken Mobile (Android) external push notification 5.1.0 and below may allow a remote attacker having already obtained a user's password to access the protected system during the 2FA procedure, even though the deny button is clicked by the legitimate user.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-03-02T12:24:57.000000Z"}]}