all InfoSec news
FortiWAN - Guessable static JSON web token secret
Nov. 14, 2023, 8 a.m. |
FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com
An improper authentication vulnerability [CWE-287] in FortWAN may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values.
attacker authentication cwe http https json jwt jwt token may privileges product requests secret support token vulnerability web
More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories
FortiAuthenticator - Open Redirect on /portal/disclaimer
2 weeks, 5 days ago |
fortiguard.fortinet.com
Exposure of password hashes to read-only admin
2 weeks, 5 days ago |
fortiguard.fortinet.com
Double free with double usage of json_object_put
2 weeks, 5 days ago |
fortiguard.fortinet.com
Format String Bug in cli command
2 weeks, 5 days ago |
fortiguard.fortinet.com
Client IP relies on X-Forwarded-For and other headers
2 weeks, 5 days ago |
fortiguard.fortinet.com
Buffer overflow in administrative interface
2 weeks, 5 days ago |
fortiguard.fortinet.com
Code injection in playbook code snippet step
2 weeks, 5 days ago |
fortiguard.fortinet.com
HTTP/2 CONTINUATION Frames Vulnerability
2 weeks, 5 days ago |
fortiguard.fortinet.com
Jobs in InfoSec / Cybersecurity
CyberSOC Technical Lead
@ Integrity360 | Sandyford, Dublin, Ireland
Cyber Security Strategy Consultant
@ Capco | New York City
Cyber Security Senior Consultant
@ Capco | Chicago, IL
Sr. Product Manager
@ MixMode | Remote, US
Security Compliance Strategist
@ Grab | Petaling Jaya, Malaysia
Cloud Security Architect, Lead
@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)