Fortinet has confirmed {that a} new assault marketing campaign noticed lately in opposition to buyer gadgets is exploiting an unpatched situation to bypass authentication. The brand new assaults are totally different from a earlier marketing campaign seen in December that focused two vulnerabilities associated to FortiCloud single sign-on (SSO) authentication.
“Just lately, a small variety of prospects reported surprising login exercise occurring on their gadgets, which appeared similar to the earlier situation,” the Fortinet product security crew mentioned in a weblog publish. “Nevertheless, within the final 24 hours, we now have recognized a lot of circumstances the place the exploit was to a tool that had been totally upgraded to the newest launch on the time of the assault, which steered a brand new assault path.”
Fortinet is at present engaged on fixing the brand new situation, which impacts not solely FortiCloud SSO, however all SAML SSO implementations. It’s price noting that FortiCloud SSO will not be enabled by default on gadgets however can change into enabled when an administrator registers the machine with FortiCare product help from the machine’s administration interface.
