Multiple Products - Retrieval of sensitive information in cleartext via GUI
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-20-044
Final
1
1
2021-11-02T00:00:00
Current version
2021-11-02T00:00:00
2021-11-02T00:00:00
A cleartext storage of sensitive information in the GUI of FortiADC, FortiSIEM, FortiDDoS, FortiDDoS-CM and FortiDDoS-F may allow a remote authenticated attacker to retrieve some sensitive information, such as users' LDAP passwords, the RADIUS shared secret and the Elastic Cloud database password, by deobfuscating the password entry fields.
Information disclosure
FortiADC version 6.0.0
FortiADC versions 5.x up to 5.4.3
FortiSIEM versions 6.2.x, 6.1.x, 6.x
FortiDDoS versions 5.4.x, 5.3.x, 5.2.x, 5.1.x, 5.0.x
FortiDDoS-F versions 6.1.x, 6.0.x
Please upgrade to FortiADC versions 5.4.4 or above.
Please upgrade to FortiADC versions 6.0.1 or above.
Please upgrade to FortiSIEM 6.3.0 or above.
Please upgrade to FortiDDoS 5.5.0 or above.
Please upgrade to FortiDDoS-F 6.2.0 or above.
Fortinet is pleased to thank Harish Chowdary for reporting this vulnerability under responsible disclosure.
FortiADC 6.0.0
FortiADC 5.4.3
FortiADC 5.4.2
FortiADC 5.4.1
FortiADC 5.4.0
FortiADC 5.3.7
FortiADC 5.3.6
FortiADC 5.3.5
FortiADC 5.3.4
FortiADC 5.3.3
FortiADC 5.3.2
FortiADC 5.3.1
FortiADC 5.3.0
FortiADC 5.2.8
FortiADC 5.2.7
FortiADC 5.2.6
FortiADC 5.2.5
FortiADC 5.2.4
FortiADC 5.2.3
FortiADC 5.2.2
FortiADC 5.2.1
FortiADC 5.2.0
FortiADC 5.1.7
FortiADC 5.1.6
FortiADC 5.1.5
FortiADC 5.1.4
FortiADC 5.1.3
FortiADC 5.1.2
FortiADC 5.1.1
FortiADC 5.1.0
FortiADC 5.0.4
FortiADC 5.0.3
FortiADC 5.0.2
FortiADC 5.0.1
FortiADC 5.0.0
FortiDDoS 5.4.3
FortiDDoS 5.4.2
FortiDDoS 5.4.1
FortiDDoS 5.4.0
FortiDDoS 5.3.2
FortiDDoS 5.3.1
FortiDDoS 5.3.0
FortiDDoS 5.2.0
FortiDDoS 5.1.0
FortiDDoS 5.0.0
FortiDDoS 4.7.0
FortiDDoS 4.6.0
FortiDDoS 4.5.0
FortiDDoS 4.4.2
FortiDDoS 4.4.1
FortiDDoS 4.4.0
FortiDDoS 4.3.2
FortiDDoS 4.3.1
FortiDDoS 4.3.0
FortiDDoS 4.2.2
FortiDDoS 4.2.1
FortiDDoS-F 6.1.5
FortiDDoS-F 6.1.4
FortiDDoS-F 6.1.3
FortiDDoS-F 6.1.2
FortiDDoS-F 6.1.1
FortiDDoS-F 6.1.0
FortiSIEM 6.2.1
FortiSIEM 6.2.0
FortiSIEM 6.1.2
FortiSIEM 6.1.1
FortiSIEM 6.1.0
FortiSIEM 5.4.0
FortiSIEM 5.3.3
FortiSIEM 5.3.2
FortiSIEM 5.3.1
FortiSIEM 5.3.0
FortiSIEM 5.2.8
FortiSIEM 5.2.7
FortiSIEM 5.2.6
FortiSIEM 5.2.5
FortiSIEM 5.2.2
FortiSIEM 5.2.1
FortiSIEM 5.1.3
FortiSIEM 5.1.2
FortiSIEM 5.1.1
FortiSIEM 5.1.0
FortiSIEM 5.0.1
FortiSIEM 5.0.0
CVE-2020-15935
4.2
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-20-044