FortiAnalyzer, FortiManager - bypass of client-side password change policy enforcement

March 1, 2022, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper handling of insufficient permissions or privileges vulnerability [CWE-280] in FortiAnalyzer and FortiManager may allow an authenticated attacker to bypass the device policy and force the password-change action for its user.

bypass change client fortianalyzer fortimanager password policy

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiAuthenticator - Open Redirect on /portal/disclaimer 4 days ago | fortiguard.fortinet.com

attacker cwe disclaimer may +8

Exposure of password hashes to read-only admin 4 days ago | fortiguard.fortinet.com

admin control cwe data +11

Double free with double usage of json_object_put 4 days ago | fortiguard.fortinet.com

attacker code commands cwe +9

Format String Bug in cli command 4 days ago | fortiguard.fortinet.com

amp arbitrary code arbitrary code execution attacker +19

Client IP relies on X-Forwarded-For and other headers 4 days ago | fortiguard.fortinet.com

attack bypass client cwe +10

Buffer overflow in administrative interface 4 days ago | fortiguard.fortinet.com

arbitrary code attacker buffer buffer overflow +13

Code injection in playbook code snippet step 4 days ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +7

Client-side enforcement of server-side security related to customer reports features 4 days ago | fortiguard.fortinet.com

access account attacker client +16

HTTP/2 CONTINUATION Frames Vulnerability 4 days ago | fortiguard.fortinet.com

attack can connection crash +14

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

Technology Security Analyst

@ Halton Region | Oakville, Ontario, Canada

View on infosec-jobs.com

Senior Cyber Security Analyst

@ Valley Water | San Jose, CA

View on infosec-jobs.com

Senior Application Security Engineer, Application Security

@ Miro | Amsterdam, NL

View on infosec-jobs.com

SOC Analyst (m/w/d)

@ LANXESS | Leverkusen, NW, DE, 51373

View on infosec-jobs.com

Lead Security Solutions Engineer (Remote, North America)

@ Dynatrace | Waltham, MA, United States

View on infosec-jobs.com

all InfoSec news

FortiAnalyzer, FortiManager - bypass of client-side password change policy enforcement

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

Information Security Engineers

Technology Security Analyst

Senior Cyber Security Analyst

Senior Application Security Engineer, Application Security

SOC Analyst (m/w/d)

Lead Security Solutions Engineer (Remote, North America)