FortiMail - Email account takeover in same web domain

Oct. 10, 2023, 7 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail may allow an authenticated attacker to login to other users accounts from the same web domain via crafted HTTP or HTTPs requests.

account accounts account takeover attacker authorization cwe domain email http https login may requests takeover vulnerability web webmail

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 3 weeks, 1 day ago | fortiguard.fortinet.com

actor attacker cwe device +17

FortiSandbox - Arbitrary file read on endpoint 3 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary files attacker cwe directory +12

FortiNAC-F - Lack of certificate validation 3 weeks, 1 day ago | fortiguard.fortinet.com

attack attacker certificate channel +12

FortiOS - Format String in CLI command 3 weeks, 1 day ago | fortiguard.fortinet.com

access admin arbitrary code attacker +16

FortiOS & FortiProxy - administrator cookie leakage 3 weeks, 1 day ago | fortiguard.fortinet.com

administrator attacker conditions cookie +10

FortiSandbox - Arbitrary file delete on endpoint 3 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary files attacker cwe delete +13

FortiClientMac - Lack of configuration file validation 3 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary code attacker code configuration +15

FortiManager - Code Injection via Jinja Template 3 weeks, 1 day ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +11

FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 3 weeks, 1 day ago | fortiguard.fortinet.com

access admin arbitrary code arbitrary code execution +16

Information Security Cyber Risk Analyst

@ Intel | USA - AZ - Chandler

View on infosec-jobs.com

Senior Cloud Security Engineer (Fullstack)

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Principal Product Security Engineer

@ Oracle | United States

View on infosec-jobs.com

Cybersecurity Strategy Director

@ Proofpoint | Sunnyvale, CA

View on infosec-jobs.com

Information Security Consultant/Auditor

@ Devoteam | Lisboa, Portugal

View on infosec-jobs.com

IT Security Engineer til Netcompany IT Services

@ Netcompany | Copenhagen, Denmark

View on infosec-jobs.com

View more jobs

all InfoSec news

FortiMail - Email account takeover in same web domain

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

Information Security Cyber Risk Analyst

Senior Cloud Security Engineer (Fullstack)

Principal Product Security Engineer

Cybersecurity Strategy Director

Information Security Consultant/Auditor

IT Security Engineer til Netcompany IT Services