Summary
A read-only admin on FortiGate or FortiADC can point an LDAP server connectivity test request at a rogue LDAP server instead of the configured one, and thereby obtain the LDAP server login credentials configured in the FortiGate.
Affected Products
FortiOS 6.0.2 and before
FortiADC 6.1.0 and before
FortiADC 6.0.1 and before
FortiADC 5.4.4 and before
Solutions
Please upgrade to FortiOS 6.0.3 or the upcoming 6.2.0.
Please upgrade to FortiADC 6.1.1 or above.
Please upgrade to FortiADC 6.0.2 or above.
Please upgrade to FortiADC 5.4.5 or above.
Acknowledgement
Fortinet is pleased to thank Julio Engels Ureña Martinez for reporting this vulnerability under responsible disclosure.