PSIRT Advisory
FortiADC is vulnerable to retrieval of sensitive information in cleartext via GUI
Summary
A cleartext storage of sensitive information in GUI in FortiADC may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields.
Impact
Information disclosure
Affected Products
FortiADC versions 6.0.0 and below. FortiADC versions 5.4.3 and below.
Solutions
Please upgrade to FortiADC versions 6.0.1 or above. Please upgrade to FortiADC versions 5.4.4 or above.
Acknowledgement
Fortinet is pleased to thank Harish Chowdary for reporting this vulnerability under responsible disclosure.