The Hacker News

Fortinet FortiGate Under Active Attack Through SAML SSO Authentication Bypass

Attackers are exploiting two CVSS 9.8 FortiGate SSO authentication bypass flaws days after disclosure; Fortinet urges ...
Cybernews

Fortinet firewalls under active attack, users urged to update now

Hackers are actively exploiting critical Fortinet FortiGate flaws to bypass SSO, steal configs, and hijack firewalls. CISA is ...

Fortinet products hit by further security flaws - giving hackers access to systems and more

Two new critical vulnerabilities have been discovered in Fortinet products, and since they are being actively abused in the ...
Bleeping Computer

GitHub warns of SAML auth bypass flaw in Enterprise Server

GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4985, which impacts GitHub Enterprise Server (GHES) instances using SAML single ...
Mobile ID World

Fortinet SSO Admin Login Flaw: New SAML Bypass CVEs Spur Multi-Product Patch Planning

While patching is positioned as the primary fix, interim risk reduction measures cited by advisories include limiting administrative interfaces to trusted networks and, where feasible, temporarily ...
Dark Reading

Critical Fortinet Flaws Under Active Attack

Attackers targeted admin accounts, and once authenticated, exported device configurations including hashed credentials and ...
CSO Online

Fortinet admins urged to update software to close FortiCloud SSO holes

Vulnerabilities could allow an attacker to bypass single sign-on login protection; users should disable SSO until patching is ...

Fortinet warns of critical FortiCloud SSO login auth bypass flaws

Fortinet has released security updates to address two critical vulnerabilities in FortiOS, FortiWeb, FortiProxy, and FortiSwitchManager that could allow attackers to bypass FortiCloud SSO ...
CSOonline

Samlify bug lets attackers bypass single sign-on

A critical vulnerability in the popular samlify library could potentially allow attackers to bypass Single Sign-On (SSO) protections and gain unauthorized access to systems relying on SAML for ...