Administrator cookie leakage

FortiGuard Security Advisory

An insufficiently protected credentials vulnerability (CWE-522) in FortiOS and FortiProxy may allow an attacker to obtain the administrator cookie under rare and specific conditions, by tricking the administrator into visiting a malicious attacker-controlled website through the SSL-VPN.

