FortiWeb CSRF Vulnerability
A CSRF vulnerability could allow attackers to change the admin password with crafted forms.
There is a CSRF vulnerability in the FortiWeb console on the dashboard. Attackers may submit local forms to change the admin password illegally.
Illegal change of admin password.
Upgrade to FortiWeb 5.5.3
Fortinet is pleased to thank Ewoud Vlasselaer from Dimension Data Belgium for reporting a FortiWeb vulnerability under responsible disclosure.