Threat Encyclopedia

FortiOS.SSL.VPN.Web.Portal.Password.Improper.Authentication

Description

This indicates an attempt to exploit an improper authentication vulnerability in FortiOS.
The vulnerability is due to an error in the way the vulnerable application handles requests. An unauthenticated attacker can exploit it to modify the password of an SSL VPN user via a crafted request.

Affected Products

FortiOS 6.0.0 to 6.0.4 with SSL VPN Service enabled
FortiOS 5.6.0 to 5.6.8 with SSL VPN Service enabled
FortiOS 5.4.1 to 5.4.10 with SSL VPN Service enabled

Impact

Security Bypass: Remote attackers can bypass security mechanisms on vulnerable systems.

Recommended Actions

Apply the most recent upgrade or patch from the vendor, or follow the workaround provided by the vendor.
https://fortiguard.com/psirt/FG-IR-18-389

CVE References

CVE-2018-13382

Other References

FG-IR-18-389