Skip to content
CVE-2018-13382
Python
Branch: master
Clone or download
Latest commit cf0acb0 Aug 13, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
CVE-2018-13382.py update README.md Aug 13, 2019
README.md update README.md Aug 13, 2019
magic_backdoor.png update image Aug 12, 2019
magic_backdoor1.png update image Aug 12, 2019

README.md

CVE-2018-13382

CVE-2018-13382

https://devco.re/blog/2019/08/09/attacking-ssl-vpn-part-2-breaking-the-Fortigate-ssl-vpn/

An Improper Authorization vulnerability in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.0 to 5.6.8 and 5.4.1 to 5.4.10 under SSL VPN web portal allows an unauthenticated attacker to modify the password of an SSL VPN web portal user via specially crafted HTTP requests.

alt text

$ python CVE-2018-13382.py  -h
Usage: CVE-2018-13382.py [options]

Options:
  -h, --help   show this help message and exit
  -i IP        e.g. 127.0.0.1:10443
  -u USERNAME  
  -p PASSWORD  

You can’t perform that action at this time.