Fortigate vulnerability

darwin_FTNT
Re: Fortigate vulnerability 2018/05/24 00:48:47 (permalink)
What is the forticare / tech support ticket number or the mantis bug number?
#21
JerryPWhite_FTNT
Re: Fortigate vulnerability 2018/05/29 07:48:50 (permalink)
Why do you need the forticare ticket number?
 
 
#22
BWiebe
Re: Fortigate vulnerability 2018/05/29 08:26:39 (permalink)
The folks with _FTNT are from Fortinet.
 
darwin_FTNT likely wants to check the status internally on the issue.
#23
JerryPWhite_FTNT
Re: Fortigate vulnerability 2018/05/29 08:35:03 (permalink)
I'm pretty sure I can put FTNT behind my profile as well. :) This is a semi-public forum so I don't feel the need for the ticket number unless I'm positive it is well intended. I'll post official content if/when I have this resolved or at least an answer from Fortinet.
#24
zenace33
Re: Fortigate vulnerability 2019/01/17 05:03:42 (permalink)
Did this ever get resolved in the latest releases?
I'm running 5.6.5, and get this flagged "vulnerability," but not exactly sure I see a place to change a header setting for HSTS.
#25
Mike Ferderer
Re: Fortigate vulnerability 2019/04/17 09:15:18 (permalink)
So I'm running 6.0.4 and I ran 'set url-obfuscation enable' from conf vpn ssl settings.   I then would get the error below about 'hsts' if I tried to access the portal by name (and note I'm using the built-in self signed cert so it won't match the name).  That error below is only presented to me in Chrome - my Firefox allows me to 'accept/continue' with the self signed warning.  Note, I could get to the portal in Chrome if I just used the IP in the URL.   So possibly using the url-obfuscation this may enable hsts and help with the vulnerability scan warning.
 
*warning in chrome* (cannot proceed/accept risk to get to portal)
You cannot visit hostname.my.org right now because the website uses HSTS. Network errors and attacks are usually temporary, so this page will probably work later.
#26
FortiOSman
Re: Fortigate vulnerability 2019/06/12 11:23:54 (permalink)
Was anyone able to confirm the fix for this?
#27
brhunt
Re: Fortigate vulnerability 2020/05/21 11:50:54 (permalink)
I know that this thread is old, but I just had the same issue in version 6.2.3.
 
The issue is that the scanner is expecting that the SSL Cert is protecting a web server.  And that the web server should/could add in the x-headers that the scanner is expecting back.
 
But SSLVPN is not a webserver, and has no ability to send those x-headers.
 
The solution was to contact the scanning vendor (Qualys in my case), and let them know the situation.  They understood immediately what I was describing, and created a case to get an exception added to that site.  Once that was done, the scan passed without issue.
#28
emnoc
Re: Fortigate vulnerability 2020/05/21 12:17:48 (permalink)
A vulnerability scan and its results have to be looked at case by case, fwiw, and the results interpreted.
 
Ken Felix

PCNSE 
NSE 
StrongSwan  
#29
brhunt
Re: Fortigate vulnerability 2020/05/21 12:24:30 (permalink)
Ken,
 
This thread is talking about one specific scanning issue, X-Frame-Options, X-XSS-Protection, Content Security Policy, X-Content-Type-Options, Public Key Pinning and Strict-Transport-Security HTTP response headers, when running against a port opened for SSLVPN.
 
That's what I responded to.
 
Bryan Hunt
#30
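The check the scanner performs in this thread, as an added example (not code from any poster or from Fortinet): it parses a captured HTTP response, lists which of the headers named in the post above are absent, and validates the HSTS value. The sample responses are constructed and the function names are illustrative.

```python
from email.parser import Parser

# Header names as listed in the post above; "Public-Key-Pins" is the
# wire name of the Public Key Pinning header (RFC 7469).
EXPECTED = [
    "X-Frame-Options", "X-XSS-Protection", "Content-Security-Policy",
    "X-Content-Type-Options", "Public-Key-Pins", "Strict-Transport-Security",
]

def parse_headers(raw_response: str):
    """Split a raw HTTP/1.x response head into (status line, header mapping)."""
    head = raw_response.split("\r\n\r\n", 1)[0]
    status, _, header_block = head.partition("\r\n")
    return status, Parser().parsestr(header_block, headersonly=True)

def parse_hsts(value: str):
    """Parse Strict-Transport-Security (RFC 6797); None if max-age is unusable."""
    directives = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip().strip('"')
    max_age = directives.get("max-age", "")
    if not (max_age.isascii() and max_age.isdigit()):
        return None  # max-age is mandatory; browsers ignore the header without it
    return {"max_age": int(max_age),
            "include_subdomains": "includesubdomains" in directives}

def audit(raw_response: str):
    """Return the headers a scanner would flag as missing, plus parsed HSTS."""
    _, headers = parse_headers(raw_response)  # header lookup is case-insensitive
    missing = [h for h in EXPECTED if headers.get(h) is None]
    hsts = headers.get("Strict-Transport-Security")
    return {"missing": missing, "hsts": parse_hsts(hsts) if hsts else None}

# Constructed sample responses (not captured from a real FortiGate).
BARE = "HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"
WITH_HSTS = ("HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n"
             "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
             "X-Frame-Options: SAMEORIGIN\r\n\r\n")

if __name__ == "__main__":
    for label, raw in (("bare", BARE), ("with HSTS", WITH_HSTS)):
        print(label, audit(raw))
```

Running the same audit on a response saved before and after a configuration change shows whether the scanner finding should clear or needs a documented exception.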
emnoc
Re: Fortigate vulnerability 2020/05/21 12:34:29 (permalink)
Correct, and those X headers are not mandatory from a vulnerability scan. You can take 10 scanners and come up with 10 different scan results on what the "vulnerability" is. An SSLVPN is just that, a VPN, not a webserver.
 
Ken Felix

PCNSE 
NSE 
StrongSwan  
#31
papapuff
Re: Fortigate vulnerability 2020/09/11 22:42:41 (permalink)
Hello there,
I am also concerned about this issue.
How do I disable web portal mode,
so the outside can't access our VPN web portal?
 
thanks
#32