Cleartext Storage Vulnerability in FortiADC by Fortinet
CVE-2020-15935

4.3MEDIUM

Key Information:

Vendor: Fortinet
Status: Fortinet Fortiadc
Vendor: CVE Published:; 2 November 2021

Summary

In FortiADC versions 5.4.3 and lower, as well as 6.0.0 and lower, sensitive information is stored in cleartext within the graphical user interface. This design flaw may allow a remote authenticated attacker to exploit the system and retrieve sensitive data such as LDAP passwords and RADIUS shared secrets. The attacker can achieve this by deobfuscating the password entry fields. Organizations should address this vulnerability promptly to safeguard their sensitive information.

Affected Version(s)

Fortinet FortiADC FortiADC 5.4.3 6.0.0

References

https://fortiguard.com/advisory/FG-IR-20-044

x_refsource_CONFIRM

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 2, 2021
Vulnerability Reserved
Jul 24, 2020