PSIRT Advisory

FortiWeb CSRF Vulnerability

Summary

A CSRF vulnerability could allow attackers to change the admin password using crafted forms.

Description

There is a CSRF vulnerability in the FortiWeb console dashboard. Attackers may cause the submission of crafted local forms to change the admin password without authorization.
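To show the bug class behind this advisory, here is an added example (not FortiWeb code and not from Fortinet) modelling an admin password-change form handler that trusts the session cookie alone, beside a hardened version that also requires a per-session anti-CSRF token and a matching Origin header. The `Session`/`Request` models, the `CONSOLE_ORIGIN` value and all function names are assumptions for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field

@dataclass
class Session:
    """Authenticated admin session; the browser attaches its cookie automatically."""
    user: str
    password: str
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))

@dataclass
class Request:
    """Minimal model of an HTTP POST to the dashboard's password-change form."""
    form: dict
    headers: dict

CONSOLE_ORIGIN = "https://console.example.test"  # assumed console URL

def change_password_vulnerable(req: Request, session: Session) -> bool:
    """Only the session cookie is checked, so any page that makes the admin's
    browser submit this form can change the password (the CSRF pattern)."""
    session.password = req.form["new_password"]
    return True

def change_password_hardened(req: Request, session: Session) -> bool:
    """Require a per-session anti-CSRF token in the form body and a matching
    Origin header; a cross-site form can neither read the token nor set Origin.
    A missing Origin is treated as a failure rather than as trusted."""
    if req.headers.get("Origin") != CONSOLE_ORIGIN:
        return False
    token = req.form.get("csrf_token", "")
    if not hmac.compare_digest(token, session.csrf_token):
        return False
    session.password = req.form["new_password"]
    return True

def cross_site_submission() -> Request:
    """Constructed sample: the form auto-submitted from an unrelated site."""
    return Request(form={"new_password": "changed-by-third-party"},
                   headers={"Origin": "https://other-site.example.test"})

def legitimate_submission(session: Session) -> Request:
    """Constructed sample: the dashboard's own form, carrying the session token."""
    return Request(form={"new_password": "new-admin-pw",
                         "csrf_token": session.csrf_token},
                   headers={"Origin": CONSOLE_ORIGIN})
```

A detection-side note: with the hardened handler, rejected submissions (wrong Origin or token) are exactly the events worth logging and alerting on.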

Impact

Unauthorized change of the admin password.

Affected Products

FortiWEB

Solutions

Upgrade to FortiWeb 5.5.3

Acknowledgement

Fortinet is pleased to thank Ewoud Vlasselaer from Dimension Data Belgium for reporting a FortiWeb vulnerability under responsible disclosure.