Main Vulnerability Database Vulnerabilities #VU48131

#VU48131 Cleartext storage of sensitive information in FortiADC - CVE-2020-15935

Published: November 3, 2020

Vulnerability identifier: #VU48131

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-15935

CWE-ID: CWE-312

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FortiADC

Software vendor:
Fortinet, Inc

Description

The vulnerability allows a remote user to gain access to sensitive information.

The vulnerability exists due to GUI in FortiADC may allow information disclosure. A remote authenticated user can obtain sensitive information, such as users LDAP passwords and RADIUS shared secret, by deobfuscating the passwords entry fields.

Remediation

Install updates from vendor's website.

External links

https://fortiguard.com/psirt/FG-IR-20-044

#VU48131 Cleartext storage of sensitive information in FortiADC - CVE-2020-15935

Description

Remediation

External links

Please verify you're human