A very easy bypass has been discovered in FortiWeb Cloud IaaS WAFs, allowing attackers to bypass all logging and WAF rules if the origin lock feature is not implemented. More details to be provided in a blogpost.
For more insights, check out the original tweet here: https://twitter.com/R3n5k1/status/1851546624348082408. And don’t forget to follow @R3n5k1 for more exciting updates in the world of cybersecurity.