PSIRT Advisories
Potential XSS in "CSRF validation failure" page due to lack of referer sanitization
Summary
On FortiAuthenticator, an HTML error page is returned to the user when CSRF validation fails because the Referer header does not match the expected host. This page echoes the offending Referer value into the HTML without sanitizing it. In an attack scenario where the Referer could be manipulated, an attacker could therefore inject malicious script into that error page (reflected cross-site scripting).
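The pattern the advisory describes, shown as an added example that is not Fortinet's code: a server-side CSRF check that compares the Referer's scheme and host against the protected application, with a vulnerable failure page that interpolates the raw header beside a fixed one that HTML-escapes it. The hostname `fac.example.com`, the `handle_post` dispatcher and the header dictionary are illustrative assumptions, and the payload is a constructed sample.

```python
import html
from urllib.parse import urlsplit

# Assumed hostname of the protected application (illustrative, not from the advisory).
EXPECTED_HOST = "fac.example.com"


def csrf_referer_ok(referer, expected_host=EXPECTED_HOST):
    """Referer-based CSRF check: the request must come from our own HTTPS origin."""
    if not referer:
        return False
    parts = urlsplit(referer)
    return parts.scheme == "https" and parts.hostname == expected_host


def failure_page_vulnerable(referer):
    """The flawed pattern: the raw Referer header is placed straight into HTML,
    so any markup in the header becomes part of the page."""
    return (
        "<html><body><h1>CSRF validation failed</h1>"
        f"<p>Referer checking failed: {referer} does not match {EXPECTED_HOST}.</p>"
        "</body></html>"
    )


def failure_page_fixed(referer, max_len=256):
    """The corrected pattern: escape the header for an HTML text context and cap its
    length before echoing it. quote=True also neutralises " and ' so the same
    escaping holds if the value is ever moved into an attribute."""
    shown = html.escape((referer or "<missing>")[:max_len], quote=True)
    return (
        "<html><body><h1>CSRF validation failed</h1>"
        f"<p>Referer checking failed: {shown} does not match "
        f"{html.escape(EXPECTED_HOST)}.</p></body></html>"
    )


def handle_post(headers):
    """Hypothetical request handler: run the CSRF check and, on failure, return the
    hardened error page with a 403 and response headers that limit script execution."""
    referer = headers.get("Referer")
    if csrf_referer_ok(referer):
        return 200, {"Content-Type": "text/html; charset=utf-8"}, "<html><body>OK</body></html>"
    response_headers = {
        "Content-Type": "text/html; charset=utf-8",
        # Defence in depth: even if escaping were missed, inline script would not run.
        "Content-Security-Policy": "default-src 'none'",
    }
    return 403, response_headers, failure_page_fixed(referer)


if __name__ == "__main__":
    # Constructed sample payload: a Referer that carries markup.
    payload = 'https://attacker.example/"><script>alert(1)</script>'
    print(failure_page_vulnerable(payload))
    print(failure_page_fixed(payload))
    print(handle_post({"Referer": payload})[0])
```

Escaping is the minimum fix; a stricter design does not echo the header at all and instead logs it server-side, which removes the injection sink entirely. The check itself must also keep rejecting the mismatched Referer, as the failing `csrf_referer_ok` result shows: sanitizing the error page does nothing for the CSRF protection it reports on.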
Affected Products
FortiAuthenticator 4.0.0 and later versions before 5.3.0.
Solutions
Upgrade to FortiAuthenticator 5.3.0 or above.
Revision History
2018-05-29 Initial version.
2019-02-12 Add affected start versions.
Acknowledgement
Fortinet is pleased to thank Arun Narayanan from Applied Risk for reporting this vulnerability under responsible disclosure.