Plain-text credentials in GET request via SSL VPN web portal

Summary

A use of GET request method with sensitive query strings vulnerability [CWE-598] in the FortiOS SSL VPN component may allow an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services (found in logs, referers, caches, etc...)

Affected Products

FortiOS version 7.4.0
FortiOS version 7.2.0 through 7.2.5
FortiOS version 7.0.0 through 7.0.12

Solutions

Please upgrade to FortiOS version 7.4.1 or above
Please upgrade to FortiOS version 7.2.6 or above
Please upgrade to upcoming FortiOS version 7.0.13 or above

Timeline

2023-10-10: Initial publication