Following confirmation of the active exploitation of a zero-day authentication bypass vulnerability in several products, Fortinet temporarily disabled its FortiCloud Single Sign-On (SSO) service This article explores vulnerability forticloud sso. . The problem, known as FG-IR-26-060, enables hackers to access devices linked to different accounts using a malicious FortiCloud account.

An Authentication Bypass Using an Alternate Path or Channel vulnerability (CWE-288) is the source of the vulnerability. When FortiCloud SSO is enabled—a feature that is not active by default but is frequently toggled on during FortiCare registration unless specifically disabled—it affects FortiOS, FortiManager, and FortiAnalyzer. Attackers take advantage of this to obtain administrative access on targeted devices, even ones that have been fully patched against related problems in the past. To have your stories featured, get in touch with us.