FortiWeb SAML Bypass Vulnerability

CRITICAL (9.8)
cwe-347authentication-bypassfortifwebfortinetsamlvulnerability

Threat Intelligence

Low Risk
EPSS Score: 0.10% chance of exploitation (percentile: 27%)
🔍 Detection Tools: None available in major open-source tools
⚔️ Exploit Availability: No public exploits found

How we test →

What is it?

The FortiWeb SAML (Security Assertion Markup Language) feature allows for single sign-on authentication with external identity providers. However, if not properly configured or enabled, an attacker can bypass the login process by crafting a malicious SAML message.

Am I affected?

You're affected if you use An improper verification of cryptographic signature vulnerability. Affected versions: 7.4.9, 7.6.4 If you don't recognise this software, you're probably not affected.

How to fix

  1. Upgrade to a non-affected version:
    • FortiWeb 7.6: Upgrade to 7.6.5 or above.
    • FortiWeb 7.4: Upgrade to 7.4.10 or above.
    • FortiWeb 7.2: Upgrade to 7.2.15 or above.
  2. Immediate mitigations:
    • Turn off the FortiCloud login feature temporarily until upgrading to a non-affected version.
    • Go to System -> Settings and switch "Allow administrative login using FortiCloud SSO" to Off.
    • Type config system global set admin-forticloud-sso-login disable in the CLI.

References