FortiClient EMS - SAML SSO replay attack

Summary

An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.

Affected Products

FortiClientEMS version 7.0.1 and below.

FortiClientEMS version 6.4.4 and below.

 

Solutions

Please upgrade to FortiClientEMS version 6.4.7 or above.

Please upgrade to FortiClientEMS version 7.0.2 or above.

Acknowledgement

Internally discovered and reported by Fortinet