FortiOS SSL VPN webportal user credentials present in plain text in client side javascript file
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-18-027
Final
1
1
2018-06-22T00:00:00
Current version
2018-06-22T00:00:00
2018-06-22T00:00:00
An information disclosure vulnerability exists in the SSL-VPN web portal of FortiOS: when pages bookmarked in the web portal use the Single sign-on (SSO) feature, the user's web portal login and password are included in a JavaScript file sent to the client. The leaked credentials could be captured by an attacker if additional session handling, access control or cross-site scripting vulnerabilities were discovered in the SSL-VPN web portal or in the applications within it (or, in the case of client-side vulnerabilities, in the user's browser).
Information Disclosure
FortiOS 6.0.0 and below versions
Upgrade to FortiOS 5.6.6, 6.0.1 or versions after 6.0.1.
Workaround: Avoid using the SSO feature in FortiOS SSL VPN bookmarks, especially if the applications inside the SSL VPN webportal are untrusted.
Fortinet is pleased to thank Stephan Neidhardt - link protect GmbH for reporting this vulnerability under responsible disclosure.
FortiOS 6.0.0
FortiOS 5.6.5
FortiOS 5.6.4
FortiOS 5.6.3
FortiOS 5.6.2
FortiOS 5.6.1
FortiOS 5.6.0
FortiOS 5.4.13
FortiOS 5.4.12
FortiOS 5.4.11
FortiOS 5.4.10
FortiOS 5.4.9
FortiOS 5.4.8
FortiOS 5.4.7
FortiOS 5.4.6
FortiOS 5.4.5
FortiOS 5.4.4
FortiOS 5.4.3
FortiOS 5.4.2
FortiOS 5.4.1
FortiOS 5.4.0
FortiOS 5.2.15
FortiOS 5.2.14
FortiOS 5.2.13
FortiOS 5.2.12
FortiOS 5.2.11
FortiOS 5.2.10
FortiOS 5.2.9
FortiOS 5.2.8
FortiOS 5.2.7
FortiOS 5.2.6
FortiOS 5.2.5
FortiOS 5.2.4
FortiOS 5.2.3
FortiOS 5.2.2
FortiOS 5.2.1
FortiOS 5.2.0
FortiOS 5.0.14
FortiOS 5.0.13
FortiOS 5.0.12
FortiOS 5.0.11
FortiOS 5.0.10
FortiOS 5.0.9
FortiOS 5.0.8
FortiOS 5.0.7
FortiOS 5.0.6
FortiOS 5.0.5
FortiOS 5.0.4
FortiOS 5.0.3
FortiOS 5.0.2
FortiOS 5.0.1
FortiOS 5.0.0
CVE-2018-9185
5.3
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:X/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-18-027