LDAP Server Login Credentials Leakage Vulnerability in Fortinet FortiOS and FortiADC

LDAP Server Login Credentials Leakage Vulnerability in Fortinet FortiOS and FortiADC

CVE-2018-13374 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the configured one.

Learn more about our Cis Benchmark Audit For Apple Ios.