PSIRT Advisories

FortiClient EMS - SAML SSO replay attack


An authentication bypass by capture-replay vulnerability [CWE-294] in FortiClient EMS may allow an unauthenticated attacker to impersonate an existing user by intercepting and re-using valid SAML authentication messages.
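An added illustration (example code written for this page, not Fortinet's) of the one-time-use check a SAML service provider needs so that a captured assertion cannot be presented a second time. It assumes the Assertion element has already passed signature verification and that the identity provider issues unique assertion IDs:

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone

NS = {"saml": "urn:oasis:names:tc:SAML:2.0:assertion"}

def _parse_time(value):
    # SAML timestamps are UTC and end in "Z"; make them timezone-aware.
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

class ReplayDetector:
    """Accepts each SAML assertion at most once within its validity window.
    Signature verification is assumed to happen before check() is called."""
    def __init__(self):
        self._seen = {}  # assertion ID -> NotOnOrAfter, so entries can be purged

    def check(self, assertion_xml, now):
        root = ET.fromstring(assertion_xml)
        assertion_id = root.get("ID")
        cond = root.find("saml:Conditions", NS)
        if assertion_id is None or cond is None:
            return "reject: missing ID or Conditions"
        not_before = _parse_time(cond.get("NotBefore"))
        not_after = _parse_time(cond.get("NotOnOrAfter"))
        if not (not_before <= now < not_after):
            return "reject: outside validity window"
        # Drop expired IDs so the cache stays bounded by the validity window.
        self._seen = {i: exp for i, exp in self._seen.items() if exp > now}
        if assertion_id in self._seen:
            return "reject: replayed assertion"
        self._seen[assertion_id] = not_after
        return "accept"

# Constructed sample assertion (not a real message), valid for five minutes.
SAMPLE_ASSERTION = """<saml:Assertion xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"
  ID="_constructed-assertion-1" Version="2.0" IssueInstant="2022-01-01T12:00:00Z">
  <saml:Issuer>https://idp.example.invalid</saml:Issuer>
  <saml:Conditions NotBefore="2022-01-01T12:00:00Z" NotOnOrAfter="2022-01-01T12:05:00Z"/>
</saml:Assertion>"""

def demo():
    """Present the same assertion three times: first use, replay, late replay."""
    detector = ReplayDetector()
    first_use = datetime(2022, 1, 1, 12, 1, tzinfo=timezone.utc)
    return [
        detector.check(SAMPLE_ASSERTION, first_use),
        detector.check(SAMPLE_ASSERTION, first_use + timedelta(seconds=30)),
        detector.check(SAMPLE_ASSERTION, first_use + timedelta(minutes=10)),
    ]
```

In a real deployment the seen-ID cache must be shared across all EMS nodes that accept logins, and the response's InResponseTo should additionally be matched against an outstanding AuthnRequest the service provider itself issued.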

Affected Products

FortiClientEMS version 7.0.1 and below.

FortiClientEMS version 6.4.4 and below.

Solutions

Please upgrade to FortiClientEMS version 6.4.7 or above.

Please upgrade to FortiClientEMS version 7.0.2 or above.

Acknowledgement

Internally discovered and reported by Fortinet.