Cleartext Storage of Sensitive Information in FortiADC GUI

Cleartext Storage of Sensitive Information in FortiADC GUI

CVE-2020-15935 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords and RADIUS shared secret by deobfuscating the passwords entry fields.

Learn more about our User Device Pen Test.