A use of hard-coded cryptographic key vulnerability [CWE-321] in FortiDDoS API 5.5.0 up to and including 5.5.1, 5.4.0 up to and including 5.4.2, 5.3.0 up to and including 5.3.1, 5.2.0, 5.1.0 may allow an attacker who managed to retrieve the key from one device to sign JWT tokens for any device.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
fortinet fortiddos 5.5.1 |
||
fortinet fortiddos 5.5.0 |
||
fortinet fortiddos 5.4.2 |
||
fortinet fortiddos 5.4.1 |
||
fortinet fortiddos 5.4.0 |
||
fortinet fortiddos 5.3.1 |
||
fortinet fortiddos 5.3.0 |
||
fortinet fortiddos 5.2.0 |
||
fortinet fortiddos 5.1.0 |