PSIRT

Multiple Products - Retrieval of sensitive information in cleartext via GUI

Summary

A cleartext storage of sensitive information in the GUI of FortiADC, FortiSIEM, FortiDDoS, FortiDDoS-CM and FortiDDoS-F may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords, RADIUS shared secret and the Elastic Cloud database password by deobfuscating the passwords entry fields.

Affected Products

FortiADC versions 6.0.0.
FortiADC versions 5.x upto 5.4.3
FortiSIEM versions 6.2.x, 6.1.x, 6.x
FortiDDoS versions 5.4.x, 5.3.x, 5.2.x, 5.1.x, 5.0.x
FortiDDoS-F versions 6.1.x, 6.0.x

Solutions

Please upgrade to FortiADC versions 5.4.4 or above.
Please upgrade to FortiADC versions 6.0.1 or above.
Please upgrade to FortiSIEM 6.3.0 or above.
Please upgrade to FortiDDoS 5.5.0 or above.
Please upgrade to FortiDDoS-F 6.2.0 or above.

Acknowledgement

Fortinet is pleased to thank Harish Chowdary for reporting this vulnerability under responsible disclosure.

IR Number	FG-IR-20-044
Date	Nov 2, 2021
Component	GUI
Severity	Medium
CVSSv3 Score	4.2
Impact	Information disclosure
CVE ID	CVE-2020-15935
CVRF	Download
Language

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

PSIRT

Multiple Products - Retrieval of sensitive information in cleartext via GUI

Summary

Affected Products

Solutions

Acknowledgement

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

About FortiGuard Labs

Partners

PSIRT

Multiple Products - Retrieval of sensitive information in cleartext via GUI

Summary

Affected Products

Solutions

Acknowledgement

Threat Intelligence
Center