PSIRT Advisories
FortiOS SSL VPN web portal user credentials present in plain text in client-side JavaScript file
Summary
An information disclosure vulnerability exists in the SSL-VPN web portal of FortiOS: when pages bookmarked in the web portal use the Single Sign-On (SSO) feature, the user's web portal login and password are included in a JavaScript file sent to the client.
The leaked credential could be captured by an attacker if additional session handling, access control or cross-site scripting vulnerabilities were to be discovered in the SSL-VPN web portal or in the applications within it (or, in the case of client-side vulnerabilities, in the user's browser).
Affected Products
FortiOS 6.0.0; FortiOS 5.6.5 and below
Solutions
Upgrade to FortiOS 5.6.6 or 6.0.1, or a newer version
Workaround
Avoid using the SSO feature in FortiOS SSL VPN bookmarks, especially if the applications inside the SSL VPN web portal are untrusted.
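As an added example (not part of the advisory), the two bookmark definitions the workaround contrasts, written against the FortiOS 5.6/6.0 CLI as I recall it: the keywords `sso` and `sso-credential` under `config vpn ssl web portal` > `config bookmark-group` > `config bookmarks` are assumed, and the portal, group and bookmark names and the URL are placeholders.

```text
# Exposed form: SSO enabled and the portal login reused as the SSO credential.
# On the affected builds this is the setting that places the web portal
# username and password in the client-side JavaScript.
config vpn ssl web portal
    edit "full-access"                                   # placeholder portal name
        config bookmark-group
            edit "gui-bookmarks"                         # placeholder group name
                config bookmarks
                    edit "intranet-app"                  # placeholder bookmark name
                        set apptype web
                        set url "https://intranet.example.internal/"   # placeholder
                        set sso auto
                        set sso-credential sslvpn-login
                    next
                end
            next
        end
    next
end

# Workaround form: the same bookmark with SSO disabled, so no credential is
# attached to the bookmark and none is sent to the client for it.
config vpn ssl web portal
    edit "full-access"
        config bookmark-group
            edit "gui-bookmarks"
                config bookmarks
                    edit "intranet-app"
                        set apptype web
                        set url "https://intranet.example.internal/"
                        set sso disable
                    next
                end
            next
        end
    next
end
```

Bookmarks created per user or per user group (assumed here to live under `config vpn ssl web user-bookmark` and `user-group-bookmark`) carry the same `sso` setting and need the same review.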
Acknowledgement
Fortinet is pleased to thank Stephan Neidhardt of link protect GmbH for reporting this vulnerability under responsible disclosure.