Insufficient Session Expiration in SSLVPN using SAML authentication
An Insufficient Session Expiration vulnerability [CWE-613] in FortiOS SSL VPN may allow a remote attacker (e.g. a former admin whose account was removed and whose session was terminated) in possession of the SAML record of a user session to access or re-open that session by re-using the SAML record.
Revised on 2025-10-14 00:00:00