CVE-2024-23664 in FortiAuthenticator
Summary
by MITRE • 06/03/2024
A URL redirection to untrusted site ('open redirect') in Fortinet FortiAuthenticator version 6.6.0, version 6.5.3 and below, version 6.4.9 and below may allow an attacker to to redirect users to an arbitrary website via a crafted URL.
If you want to get best quality of vulnerability data, you may have to visit VulDB.
Analysis
by VulDB Data Team • 03/26/2025
The vulnerability identified as CVE-2024-23664 represents a critical open redirect flaw in Fortinet FortiAuthenticator authentication platform. This security weakness affects multiple versions including 6.6.0, 6.5.3, and 6.4.9, creating a significant risk for organizations relying on this identity and access management solution. The flaw stems from insufficient validation of redirect URLs within the authentication system's web interface, allowing malicious actors to craft specially formatted URLs that will redirect users to attacker-controlled domains without proper verification.
This vulnerability falls under CWE-601, which specifically addresses URL redirection to untrusted sites, making it a classic example of an open redirect vulnerability. The technical implementation flaw occurs when the FortiAuthenticator application processes user-supplied redirect parameters without adequate sanitization or domain validation. Attackers can exploit this by constructing malicious URLs that appear legitimate to users, potentially leading to phishing attacks, credential theft, or malware distribution. The vulnerability exists in the web application layer where user input is processed for redirect functionality, typically in authentication flows or session management components.
The operational impact of this vulnerability extends beyond simple redirection, creating a potential gateway for more sophisticated attacks within enterprise environments. Organizations utilizing FortiAuthenticator for authentication services face significant risk of user deception attacks where legitimate users might be redirected to malicious domains that mimic the authenticator interface. This could result in credential compromise, especially in environments where users trust the legitimate authentication system. The vulnerability particularly affects scenarios involving email links, social media sharing, or any application that relies on redirect functionality for authentication flows, potentially enabling attackers to bypass security controls and gain unauthorized access to protected resources.
Mitigation strategies for CVE-2024-23664 should prioritize immediate version upgrades to Fortinet FortiAuthenticator 6.6.1 or later releases that contain the necessary patches. Organizations should also implement additional network-level controls such as web application firewalls that can detect and block suspicious redirect patterns. Security teams should conduct comprehensive assessments of all applications that integrate with FortiAuthenticator to identify potential attack vectors. From an ATT&CK framework perspective, this vulnerability maps to technique T1566.001 for credential access through spearphishing attachments and T1531 for lateral movement through trusted relationships. Network administrators should also consider implementing strict URL validation policies and monitoring for anomalous redirect behavior in network logs to detect potential exploitation attempts.