Fortiguard

FortiGate & FortiADC - Read-only admins can obtain the LDAP credentials configured in the FortiGate and FortiADC using the LDAP test connectivity feature

Summary

FortiGate's and FortiADC's read-only admins are able to point an LDAP server connectivity test request to a rogue LDAP server instead of the configured one, in order to obtain the LDAP server login credentials configured in the FortiGate.

Affected Products

FortiOS 6.0.2 and below

FortiADC 6.1.0 and below

FortiADC 6.0.1 and below

FortiADC 5.4.4 and below

Solutions

Upgrade to FortiOS 6.0.3 or upcoming 6.2.0

Please upgrade to FortiADC 6.1.1 or above.
Please upgrade to FortiADC 6.0.2 or above.
Please upgrade to FortiADC 5.4.5 or above.

Acknowledgement

Fortinet is pleased to thank Julio Engels Ureña Martinez for reporting this vulnerability under responsible disclosure.

IR Number	FG-IR-18-157
Date	Jun 1, 2021
Severity	Low
CVSSv3 Score	4.2
Impact	Improper Access Control
CVE ID	CVE-2018-13374
CVRF	Download
Language

Network

Files and Endpoint

Application

Additional SOC Services

PSIRT Advisories

FortiGate & FortiADC - Read-only admins can obtain the LDAP credentials configured in the FortiGate and FortiADC using the LDAP test connectivity feature

Summary

Affected Products

Solutions

Acknowledgement

News / Research

Network

Files and Endpoint

Application

Additional SOC Services

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer

FortiCWP

FortiWeb

FortiNDR

FortiSandBox

FortiTester

Threat Lookup

PSIRT

Resources

PSIRT Advisories

FortiGate & FortiADC - Read-only admins can obtain the LDAP credentials configured in the FortiGate and FortiADC using the LDAP test connectivity feature

Summary

Affected Products

Solutions

Acknowledgement