FortiWLC PAM.log authenticated user information exposure
The pam.log file generated by FortiWLC contains authenticated users credentials (local admin and users authenticated against external servers). Users with admin privileges can access the pam.log file...
View ArticleFortiAnalyzer and FortiManager stored XSS vulnerability in report filters
A cross-site-scripting vulnerablity in FortiAnalyzer/FortiManager in advanced settings page could allow an administrator to inject scripts in the add filter field.
View ArticleFortiWLC Undocumented Hardcoded core Account
FortiWLC comes with a hardcoded account named 'core' which is used by Meru Access Points to send core dumps to the FortiWLC and has read/write privileges over various parts of the system.
View ArticleLinux Kernel Dirty Cow Vulnerability
Linux Kernel Dirty Cow Vulnerability Announcement.
View ArticleBlacknurse ICMP DoS attack
BlackNurse is a Denial of Service attack consisting in flooding the target with ICMP Type 3 Code 3 packets. The latter type of packets generally consumes more CPU to be processed than the...
View ArticleImplementation of CTR_DRBG RNG in FortiOS 4.3
FortiOS 4.3 used to implement the ANSI X9.31 RNG to decrypt TLS/IPSec traffic.It is now superseded by the CTR_DRBG implementation as per the NIST SP800-90 recommendations since FortiOS 5.0 GA release.
View ArticleFortiOS flow-mode detection bypass under certain conditions
A FortiGate configured to use flow-based protection will stop monitoring network sessions that are active when a scanning engine is reloaded after an update (nearly instantaneous process).This tends...
View ArticleFortiOS Local Admin Password Hash Leak Vulnerability
A read-only administrator may have access to read-write administrators password hashes (not including super-admins) stored on the appliance via the webui REST API , and may therefore be able to crack...
View Article