all InfoSec news
FortiWAN - Guessable static JSON web token secret
Nov. 14, 2023, 8 a.m. |
FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com
An improper authentication vulnerability [CWE-287] in FortWAN may allow an authenticated attacker to escalate his privileges via HTTP or HTTPs requests with crafted JWT token values.
attacker authentication cwe http https json jwt jwt token may privileges product requests secret support token vulnerability web
More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories
FortiClient (Windows) - DLL Hijacking via openssl.cnf
2 weeks, 2 days ago |
fortiguard.fortinet.com
FortiMail - Login mechanism without rate limitation
2 weeks, 2 days ago |
fortiguard.fortinet.com
FortiOS & FortiProxy - DOS in headers management
2 weeks, 2 days ago |
fortiguard.fortinet.com
FortiADC & FortiDDoS-F - CORS: arbitrary origin trusted
2 weeks, 2 days ago |
fortiguard.fortinet.com
FortiClient for Windows - Hardcoded credentials in vcm2.exe
2 weeks, 2 days ago |
fortiguard.fortinet.com
Jobs in InfoSec / Cybersecurity
Senior Vice President, Cybersecurity and Runtime Operations
@ 2U | US-MD-Lanham//US-Remote
Dreadnought Product Security Lead - Submarines
@ Rolls-Royce | Derby - Jubilee House (UK-JH)
Senior Product Security Engineer
@ Narvar | Hybrid - Bengaluru
Managing Consultant - Advisors Business Development
@ Mastercard | Mumbai, India
Principal Security Engineer
@ Highspot | Vancouver, BC
Incident Response Specialist
@ Wabtec | Bengaluru - KA - IND (ITC Greens)