API Security Blog

FortiOS – Existing websocket connection persists after deleting API admin

An insufficient session expiration [CWE-613] vulnerability in the FortiOS REST API may allow an attacker to reuse the session of a deleted user, should the attacker manage to obtain the API token.
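The flaw class described above can be modelled in a few lines. This is an added example, not FortiOS code and not from the advisory: `ApiGateway`, `Connection`, the admin name and the token value are constructed, and the model assumes the token is checked only at the websocket handshake. It contrasts deleting an admin without touching live sockets with a deletion that also tears them down.

```python
class Connection:
    """Constructed stand-in for a live websocket (not FortiOS code)."""
    def __init__(self, token):
        self.token = token
        self.open = True

class ApiGateway:
    def __init__(self, revoke_live_sessions):
        self.revoke_live_sessions = revoke_live_sessions
        self.tokens = {}        # token -> admin name
        self.connections = []   # every websocket accepted so far

    def create_admin(self, name, token):
        self.tokens[token] = name

    def connect(self, token):
        # Assumption: the token is validated once, at handshake time.
        if token not in self.tokens:
            raise PermissionError("unknown API token")
        conn = Connection(token)
        self.connections.append(conn)
        return conn

    def delete_admin(self, name):
        dead = {t for t, n in self.tokens.items() if n == name}
        for t in dead:
            del self.tokens[t]
        if self.revoke_live_sessions:
            # Hardened: close sockets opened with the deleted admin's tokens.
            for conn in self.connections:
                if conn.token in dead:
                    conn.open = False

    def handle_message(self, conn, request):
        # Only the socket state gates the request; the token is not re-checked.
        if not conn.open:
            raise ConnectionError("socket closed")
        return f"ok: {request}"

def session_survives_deletion(revoke_live_sessions):
    """True if a socket opened before deletion still gets requests served."""
    gw = ApiGateway(revoke_live_sessions)
    gw.create_admin("api-admin", "constructed-token")
    conn = gw.connect("constructed-token")
    gw.delete_admin("api-admin")
    try:
        gw.handle_message(conn, "get status")
        return True
    except ConnectionError:
        return False
```

In both modes a new handshake with the deleted admin's token is refused; only the already-open socket differs, which is why account deletion has to be tied to termination of live sessions.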
