A reflected cross-site scripting (RXSS) attack that let attackers log their passwords in cleartext was found contained on Fortinet's login page.
French security researcher Yann Cam said that the login system on the security companies website had a flaw that allowed attackers to insert malicious code in the login page's URL.
Users that access other services are redirected to the login.fortinet.com domain that uses long and complex URLs, making it simple for attackers to hide malicious code.
Attackers could use the exploit to access a Fortinet customer's account to see the type of security equipment they purchased as bait for future attacks.
Cam said, “In this case, the RXSS is located directly on the centralised authentication page. Thus, no need to create a fake login page to deceive potential victims.”
The problem was found in November 2015 and patched by Fortinet on 2 December 2015. An additional XSS was discovered by Cam in Fortinet's ticketing software, and is now also patched.
