FortiOS & FortiWeb - Padding oracle in cookie encryption

Feb. 16, 2023, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An improper verification of cryptographic signature vulnerability [CWE-347] in FortiOS, FortiWeb, FortiProxy and FortiSwitch may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.

cookie cwe decrypt encryption fortios fortiproxy fortiweb intercept management may oracle padding session signature verification vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiOS - Web server ETag exposure 2 weeks, 5 days ago | fortiguard.fortinet.com

actor attacker cwe device +17

FortiSandbox - Arbitrary file read on endpoint 2 weeks, 5 days ago | fortiguard.fortinet.com

arbitrary files attacker cwe directory +12

FortiNAC-F - Lack of certificate validation 2 weeks, 5 days ago | fortiguard.fortinet.com

attack attacker certificate channel +12

FortiOS - Format String in CLI command 2 weeks, 5 days ago | fortiguard.fortinet.com

access admin arbitrary code attacker +16

FortiOS & FortiProxy - administrator cookie leakage 2 weeks, 5 days ago | fortiguard.fortinet.com

administrator attacker conditions cookie +10

FortiSandbox - Arbitrary file delete on endpoint 2 weeks, 5 days ago | fortiguard.fortinet.com

arbitrary files attacker cwe delete +13

FortiClientMac - Lack of configuration file validation 2 weeks, 5 days ago | fortiguard.fortinet.com

arbitrary code attacker code configuration +15

FortiManager - Code Injection via Jinja Template 2 weeks, 5 days ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +11

FortiSandbox - Arbitrary file write on CLI leading to arbitrary code execution 2 weeks, 5 days ago | fortiguard.fortinet.com

access admin arbitrary code arbitrary code execution +16

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Security Officer Hospital Laguna Beach

@ Allied Universal | Laguna Beach, CA, United States

View on infosec-jobs.com

Sr. Cloud DevSecOps Engineer

@ Oracle | NOIDA, UTTAR PRADESH, India

View on infosec-jobs.com

Cloud Operations Security Engineer

@ Elekta | Crawley - Cornerstone

View on infosec-jobs.com

Cybersecurity – Senior Information System Security Manager (ISSM)

@ Boeing | USA - Seal Beach, CA

View on infosec-jobs.com

Engineering -- Tech Risk -- Security Architecture -- VP -- Dallas

@ Goldman Sachs | Dallas, Texas, United States

View on infosec-jobs.com

View more jobs

all InfoSec news

FortiOS & FortiWeb - Padding oracle in cookie encryption

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

SOC 2 Manager, Audit and Certification

Security Officer Hospital Laguna Beach

Sr. Cloud DevSecOps Engineer

Cloud Operations Security Engineer

Cybersecurity – Senior Information System Security Manager (ISSM)

Engineering -- Tech Risk -- Security Architecture -- VP -- Dallas