PSIRT Advisory

FortiWebManager 5.8.0 improperly handles admin login access

Summary

FortiWebManager 5.8.0 fails to check the admin password, granting access regardless of the provided string.

Impact

Improper Access Control

Affected Products

Only FortiWebManager 5.8.0 is affected.

Solutions

Users on FortiWebManager 5.8.0 must upgrade to 5.8.1.

Acknowledgement

Fortinet is pleased to thank Abdulaziz Alrushaid of Saudi Aramco for reporting this vulnerability under responsible disclosure.