[FortiProxy] SSL VPN account hijack (unauthorized modification of users passwords)

Summary

An improper access control vulnerability in FortiProxy SSL VPN web portal may allow an unauthenticated and remote attacker to change local SSL-VPN users' passwords via specially crafted HTTP requests.

Affected Products

FortiProxy versions 2.0.0
FortiProxy versions 1.2.8 and below.
FortiProxy versions 1.1.6 and below.
FortiProxy versions 1.0.7 and below.

Solutions

Please upgrade to FortiProxy versions 1.2.9 or above. Please upgrade to FortiProxy versions 2.0.1 or above.

Acknowledgement

Fortinet is pleased to thank Meh Chang and Orange Tsai from DEVCORE Security Research Team for reporting this vulnerability under responsible disclosure.

Timeline

2021-06-01: Initial publication