Cyber Security News

Fortinet warns of critical FortiCloud SSO login auth bypass flaws

BleepingComputer
Fortinet warns of critical FortiCloud SSO login auth bypass flaws

Fortinet has issued security updates to fix two critical vulnerabilities in multiple products, preventing potential SAML signature abuse. Administrators are advised to disable FortiCloud SSO login temporarily until updates are applied. #FortiOS #FortiWeb #CVE202559718 #CVE202559719

Keypoints

  • Fortinet released patches for two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager.
  • Attackers can exploit these flaws through improper cryptographic signature verification via malicious SAML messages.
  • The FortiCloud SSO feature is not enabled by default but can be activated during device registration.
  • Admins should disable FortiCloud login until they upgrade to fixed software versions.
  • Fortinet also patched additional vulnerabilities, including unverified password reset and hash-based authentication exploits.

Read More: https://www.bleepingcomputer.com/news/security/fortinet-warns-of-critical-forticloud-sso-login-auth-bypass-flaws/

SHARE THIS STORY

WhatsAppX (Twitter)TelegramBlueskyFacebookLinkedInThreadsEmailPrint