CVE-2020-15935

Published: Nov 2, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields.

Affected (2)

Products: Fortinet: Fortiadc

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Fortinet Fortiadc	From 5.0.0 to 5.4.3
Fortinet Fortiadc	From 6.0.0 to 6.0.1

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (2)

https://fortiguard.com/advisory/FG-IR-20-044

Source: psirt@fortinet.com

Vendor Advisory

https://fortiguard.com/advisory/FG-IR-20-044

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.