FortiSIEM external authentication password reflected in external authentication profile
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-100
Final
1
1
2019-10-08T00:00:00
Current version
2019-10-08T00:00:00
2019-10-08T00:00:00
An information exposure vulnerability in the external authentication profile form of FortiSIEM may allow an authenticated attacker to retrieve the external authentication password via the HTML source code. This could potentially aggravate attacks targeting the authenticated admin session, should they exist (XSS, social engineering, proxy caching...).
Information disclosure
FortiSIEM version 5.2.2 and below
Please upgrade to FortiSIEM version 5.2.5 and above
Fortinet is pleased to thank security researcher Yavuz YUKSEL for reporting this vulnerability under responsible disclosure.
FortiSIEM 5.2.1
FortiSIEM 5.0.1
FortiSIEM external authentication password reflected in external authentication profile
CVE-2019-6700
FortiSIEM-5.2.1
FortiSIEM-5.0.1
3.4
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-19-100