IR Number	FG-IR-20-044
Date	Nov 3, 2020
Risk
CVSSv3 Score	4.2
Impact	Information disclosure
CVE ID	CVE-2020-15935
Affected Products	FortiADC: 6.0.0, 5.4.3, 5.4.2, 5.4.1, 5.4.0, 5.3.7, 5.3.6, 5.3.5, 5.3.4, 5.3.3, 5.3.2, 5.3.1, 5.3.0, 5.2.8, 5.2.7, 5.2.6, 5.2.5, 5.2.4, 5.2.3, 5.2.2, 5.2.1, 5.2.0, 5.1.7, 5.1.6, 5.1.5, 5.1.4, 5.1.3, 5.1.2, 5.1.1, 5.1.0, 5.0.4, 5.0.3, 5.0.2, 5.0.1, 5.0.0
CVRF	Download
Language

Refine Search

PSIRT Advisories

FortiADC is vulnerable to retrieval of sensitive information in cleartext via GUI

Summary

A cleartext storage of sensitive information in GUI in FortiADC may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields.

Affected Products

FortiADC versions 6.0.0 and below. FortiADC versions 5.4.3 and below.

Solutions

Please upgrade to FortiADC versions 6.0.1 or above. Please upgrade to FortiADC versions 5.4.4 or above.

Acknowledgement

Fortinet is pleased to thank Harish Chowdary for reporting this vulnerability under responsible disclosure.