all InfoSec news
FortiWAN - Guessable static JSON web token secret
Nov. 14, 2023, 8 a.m. |
FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com
An improper authentication vulnerability [CWE-287] in FortWAN may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values.
attacker authentication cwe http https json jwt jwt token may privileges product requests secret support token vulnerability web
More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories
FortiOS - Web server ETag exposure
2 weeks, 4 days ago |
fortiguard.fortinet.com
FortiSandbox - Arbitrary file read on endpoint
2 weeks, 4 days ago |
fortiguard.fortinet.com
FortiNAC-F - Lack of certificate validation
2 weeks, 4 days ago |
fortiguard.fortinet.com
FortiOS - Format String in CLI command
2 weeks, 4 days ago |
fortiguard.fortinet.com
FortiSandbox - Arbitrary file delete on endpoint
2 weeks, 4 days ago |
fortiguard.fortinet.com
Jobs in InfoSec / Cybersecurity
SOC 2 Manager, Audit and Certification
@ Deloitte | US and CA Multiple Locations
Application Security Engineer - Enterprise Engineering
@ Meta | Bellevue, WA | Seattle, WA | New York City | Fremont, CA
Security Engineer
@ Retool | San Francisco, CA
Senior Product Security Analyst
@ Boeing | USA - Seattle, WA
Junior Governance, Risk and Compliance (GRC) and Operations Support Analyst
@ McKenzie Intelligence Services | United Kingdom - Remote
GRC Integrity Program Manager
@ Meta | Bellevue, WA | Menlo Park, CA | Washington, DC | New York City