Fortinet FortiOS SSL-VPN 代码问题漏洞

Fortinet FortiOS SSL-VPN is a VPN software from Fortinet, Inc. A code issue vulnerability exists in Fortinet FortiOS SSL-VPN that stems from insufficient session expiration, which could allow a remote attacker to reopen a session by reusing SAML records. The following versions are affected:...

Session fixation

An insufficient session expiration vulnerability exists in the "Fish | Hunt FL" iOS app version 3.8.0 and earlier, which allows a remote attacker to reuse, spoof, or steal other user and admin sessions...