PSIRT Advisories

FortiOS, FortiWeb, FortiProxy and FortiSwitch - Padding oracle in cookie encryption


An improper verification of cryptographic signature vulnerability [CWE-347] in FortiOS, FortiWeb, FortiProxy and FortiSwitch may allow an attacker to decrypt portions of the administrative session management cookie if able to intercept the latter.

Affected Products

FortiOS versions 7.0.3 and below.
FortiOS versions 6.4.8 and below,
FortiOS 6.2 all versions
FortiOS 6.0 all versions

FortiWeb 6.4 all versions
FortiWeb versions 6.3.16 and below,
FortiWeb 6.2 all versions
FortiWeb 6.1 all versions
FortiWeb 6.0 all versions

FortiProxy versions 7.0.1 and below,
FortiProxy versions 2.0.7 and below,
FortiProxy 1.2 all versions
FortiProxy 1.1 all versions
FortiProxy 1.0 all versions

FortiSwitch versions 7.0.3 and below,
FortiSwitch versions 6.4.10 and below,
FortiSwitch 6.2 all versions
FortiSwitch 6.0 all versions


Upgrade to FortiOS version 7.0.4 or above.
Upgrade to FortiOS version 6.4.9 or above.

Upgrade to FortiWeb version 7.0.0 or above.
upgrade to FortiWeb version 6.3.17 or above.

Upgrade to FortiProxy version 7.0.2 or above.
Upgrade to FortiProxy version 2.0.8 or above.

Upgrade to FortiSwitch version 7.2.0 or above.
Upgrade to FortiSwitch version 7.0.4 or above.
Upgrade to FortiSwitch version 6.4.11 or above.


Internally discovered and reported by Giuseppe Cocomazzi of Fortinet Product Security team.