Uncontrolled Resource Consumption (Unauthenticated Denial of Service) in login module

Summary

An uncontrolled resource consumption (denial of service) vulnerability in FortiSandbox and FortiAuthenticator login modules may allow an unauthenticated attacker to bring the device into an unresponsive state via specifically-crafted long request parameters.
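The advisory describes the weakness only as over-long request parameters reaching the login module. The standard mitigation for this class (CWE-400 style resource exhaustion through unbounded input) is to bound the size of the body, the number of fields and the length of each field before the login backend does any expensive work. The following is an added example of that pattern written for this page; it is not Fortinet's code, is not derived from the affected products, and its parameter names (`username`, `password`, `token`), limits and form encoding are assumptions.

```python
"""Bounding the size of login request parameters before they are processed.

Added defensive example, not Fortinet's code: the parameter names, the
limits and the request format are assumptions chosen to show the general
pattern for the vulnerability class in the advisory.
"""
from urllib.parse import parse_qs

# Assumed limits. Real deployments derive them from the login schema
# (e.g. the directory's maximum username length) and from the cost of
# whatever work the handler does with each parameter.
MAX_BODY_BYTES = 4096
MAX_PARAMS = 8
MAX_PARAM_LEN = {"username": 256, "password": 512, "token": 64}


class RequestRejected(ValueError):
    """Raised for any request that violates the bounds; the caller answers
    with a cheap 4xx response and never touches the login backend."""


def validate_login_body(raw_body: bytes) -> dict:
    """Parse an application/x-www-form-urlencoded login body under strict
    size bounds and return a {name: value} dict of the accepted fields."""
    # 1. Bound the whole body before any parsing work is done, so the cost
    #    of this function is itself bounded by MAX_BODY_BYTES.
    if len(raw_body) > MAX_BODY_BYTES:
        raise RequestRejected(f"body too large: {len(raw_body)} bytes")
    try:
        text = raw_body.decode("ascii")
    except UnicodeDecodeError as exc:
        raise RequestRejected("body is not ASCII form data") from exc
    # 2. Bound the number of fields; parse_qs counts separators up front and
    #    raises ValueError itself when max_num_fields is exceeded.
    try:
        fields = parse_qs(text, keep_blank_values=True, strict_parsing=True,
                          max_num_fields=MAX_PARAMS)
    except ValueError as exc:
        raise RequestRejected(f"malformed form body: {exc}") from exc
    # 3. Allow-list the field names and bound each value individually, so a
    #    single over-long field is refused even inside a small body.
    accepted = {}
    for name, values in fields.items():
        if name not in MAX_PARAM_LEN:
            raise RequestRejected(f"unexpected field {name!r}")
        if len(values) != 1:
            raise RequestRejected(f"field {name!r} repeated {len(values)} times")
        if len(values[0]) > MAX_PARAM_LEN[name]:
            raise RequestRejected(
                f"field {name!r} is {len(values[0])} chars, limit {MAX_PARAM_LEN[name]}")
        accepted[name] = values[0]
    return accepted


def triage(raw_body: bytes) -> str:
    """Convenience wrapper returning 'ok' or the rejection reason, in the
    form a front-end proxy or WAF would write to its log."""
    try:
        validate_login_body(raw_body)
        return "ok"
    except RequestRejected as exc:
        return f"rejected: {exc}"


if __name__ == "__main__":
    # Constructed sample bodies, not captured traffic.
    print(triage(b"username=alice&password=hunter2"))
    print(triage(b"username=" + b"A" * 100000 + b"&password=x"))
    print(triage(b"&".join(b"k%d=v" % i for i in range(20))))
```

The order of the checks is the point: the cheapest test (total byte length) runs first, the parser is told its own limit before it starts, and per-field limits are applied last. The per-field limit is measured on the decoded value, so percent-encoded padding cannot exceed it either, since the raw body was already bounded. Rejections are logged with the reason so that a burst of `rejected: body too large` entries against the login path is visible to monitoring.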

Affected Products

FortiSandbox 3.2.1 and below.
FortiSandbox 3.1.4 and below.
FortiSandbox 3.0.6 and below.
FortiAuthenticator 6.0.5 and below.
FortiAuthenticator 5.5.0 and below.
FortiAuthenticator 5.4.1 and below.
FortiAuthenticator 5.3.1 and below.
FortiAuthenticator 5.2.2 and below.
FortiAuthenticator 5.1.2 and below.
FortiAuthenticator 5.0.0 and below.
FortiAuthenticator 4.3.4 and below.

Solutions

Upgrade to FortiSandbox 4.0.0 or above.
Upgrade to FortiSandbox 3.2.2 or above.
Upgrade to FortiSandbox 3.1.5 or above.
Upgrade to FortiSandbox 3.0.7 or above.
Upgrade to FortiAuthenticator version 6.3.0 or above.
Upgrade to FortiAuthenticator version 6.2.0 or above.
Upgrade to FortiAuthenticator version 6.1.0 or above.
Upgrade to FortiAuthenticator version 6.0.6 or above.

Acknowledgement

Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.