Traceback on Public Accessible Path
Summary
A missing custom error page vulnerability [CWE-756] in FortiPresence may allow an unauthenticated attacker who can reach the login GUI to obtain sensitive information by navigating to specific HTTP(S) paths.
Affected Products
FortiPresence version 1.2.0 through 1.2.1
FortiPresence 1.1 all versions
FortiPresence 1.0 all versions
Solutions
Please upgrade to FortiPresence version 2.0.0 or above
Acknowledgement
Fortinet is pleased to thank Mr Mohammed B M Shawish from ADNOC Distribution for bringing this issue to our attention under responsible disclosure.
Timeline
2023-09-07: Initial publication