FortiWeb CSRF Vulnerability
Summary
A CSRF vulnerability could allow attackers to change the admin password with crafted forms.
Description
There is a CSRF vulnerability in the dashboard of the FortiWeb console. Attackers may submit local forms to change the admin password illegally.
Impact Detail
There is a CSRF vulnerability in the dashboard of the FortiWeb console. Attackers may submit local forms to change the admin password illegally.
Affected Products
FortiWeb
Solutions
Upgrade to FortiWeb 5.5.3
Acknowledgement
Fortinet is pleased to thank Ewoud Vlasselaer from Dimension Data Belgium for reporting a FortiWeb vulnerability under responsible disclosure.