Vulnerability Management

Reflected XSS vuln found on Fortinet login page

Share

A reflected cross-site scripting (RXSS) attack that let attackers log their passwords in cleartext was found contained on Fortinet's login page.

French security researcher Yann Cam said that the login system on the security companies website had a flaw that allowed attackers to insert malicious code in the login page's URL. 

Users that access other services are redirected to the login.fortinet.com domain that uses long and complex URLs, making it simple for attackers to hide malicious code.

Attackers could use the exploit to access a Fortinet customer's account to see the type of security equipment they purchased as bait for future attacks.

Cam said, “In this case, the RXSS is located directly on the centralised authentication page. Thus, no need to create a fake login page to deceive potential victims.”

The problem was found in November 2015 and patched by Fortinet on 2 December 2015. An additional XSS was discovered by Cam in Fortinet's ticketing software, and is now also patched. 

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.