- 5.0 branch: 5.0.12 or below
- 5.2 branch: 5.2.2 or below
- An attacker sends a phishing email to the firewall administrator containing the link below: https://fortigate-management-ip-address/login?redir=http://evil-site (the attacker must first determine the firewall management IP address).
- If the administrator clicks the link, the genuine portal login page appears, and the administrator is expected to enter the admin credentials.
- Once the username and password are submitted, the browser is redirected to the attacker's evil-site, which hosts a fake FortiGate login portal. The credentials are requested again under the pretext of an incorrect username or password.
- The administrator retypes the credentials; evil-site receives the username and password and redirects the browser to the genuine firewall login portal.
- The administrator enters the credentials once more and gains access to the real firewall. Meanwhile, the attacker has stolen the username and password.
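The weakness in the scenario above is that the login page honours an arbitrary `redir` value. The following is an added example of how a login handler should validate that parameter, and of a helper that flags login URLs (for instance from web-server logs) whose redirect target leaves the portal; it is not Fortinet code, and the management hostname, the sample URLs and the function names are constructed for illustration.

```python
from urllib.parse import urlparse, unquote, parse_qs

# Hypothetical hostname of the management portal (assumption, not a real address).
MANAGEMENT_HOST = "fortigate-management-ip-address"


def is_safe_redirect(redir: str, own_host: str = MANAGEMENT_HOST) -> bool:
    """Return True only if `redir` keeps the browser on the management portal.

    Accepts a path-only target such as "/system/status" or an absolute https URL
    whose host is exactly our own. Rejects scheme-relative targets ("//evil-site"),
    backslash and control-character tricks, credentials-in-URL tricks
    ("https://own-host@evil-site/") and any other scheme or host.
    """
    if not redir:
        return False
    target = unquote(redir).strip()
    # Browsers and parsers normalise backslashes and control characters
    # differently; refuse rather than guess how they will be interpreted.
    if "\\" in target or any(ord(ch) < 0x20 for ch in target):
        return False
    if target.startswith("/") and not target.startswith("//"):
        return True  # path-relative target: stays on the current origin
    parsed = urlparse(target)
    if parsed.scheme != "https":
        return False  # no http downgrade, no javascript:, no scheme-relative URL
    return parsed.hostname is not None and parsed.hostname.lower() == own_host.lower()


def login_redirect_from_url(url: str) -> str:
    """Extract the redir query parameter from a login URL ("" if absent)."""
    return parse_qs(urlparse(url).query).get("redir", [""])[0]


def flag_login_urls(urls):
    """Return the login URLs whose redir target would leave the portal."""
    return [u for u in urls if not is_safe_redirect(login_redirect_from_url(u))]


if __name__ == "__main__":
    # Constructed sample requests: the phishing link from the scenario plus benign ones.
    sample = [
        "https://fortigate-management-ip-address/login?redir=http://evil-site",
        "https://fortigate-management-ip-address/login?redir=/system/status",
        "https://fortigate-management-ip-address/login?redir=//evil-site",
    ]
    for u in flag_login_urls(sample):
        print("suspicious login URL:", u)
```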
Cross Site Scripting
- 5.0 branch: 5.0.13 or above
- 5.2 branch: 5.2.3 or above
- 5.4 branch: 5.4.0 or above