FortiWebManager 5.8.0 improperly handles admin login access
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-17-248
Final
1
1
2017-11-22T00:00:00
Current version
2017-11-22T00:00:00
2017-11-22T00:00:00
FortiWebManager 5.8.0 fails to check the admin password, granting access regardless the provided string.
Improper Access Control
Only FortiWebManager 5.8.0 is affected.
Users on FortiWebManager 5.8.0 must upgrade to 5.8.1.
Fortinet is pleased to thank Abdulaziz Alrushaid of Saudi Aramco for reporting this vulnerability under responsible disclosure.
FortiWebManager 5.8.0
FortiWebManager 5.8.0 improperly handles admin login access
CVE-2017-14189
FortiWebManager-5.8.0
0
https://fortiguard.fortinet.com/psirt/FG-IR-17-248
FortiWebManager 5.8.0 improperly handles admin login access
Reference>