FortiAuthenticator multiple vulnerabilities
Impact DetailOlder versions of FortiAuthenticator are subject to three vulnerabilities:
1. Local passwords disclosure: Upon booting, passwords for local accounts (eg: PostgreSQL) are logged to the startup debug logs. These local accounts can however only be accessed by a user who already has shell access to the FortiAuthenticator.
2. Local file system disclosure: An admin user with CLI access can view local files on the local filesystem by using the -f option of the dig command.
3. Reflected XSS: A remote attacker can perform a reflected XSS attack via an improperly sanitized parameter.
The "subshell bypass" vulnerability claimed by security-assessment.com (CVE-2015-1458) is not acknowledged as a vulnerability by Fortinet: A support-provided debug-kit is needed to write the "'/tmp/privexec/dbgcore_enable_shell_access" file from an admin account, and in turn obtain root shell. This is a feature used for advanced troubleshooting.