Description

A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.

Related CPE's

o

fortinet

fortios

4

References

https://fortiguard.fortinet.com/psirt/FG-IR-24-111

Vendor Advisory

Weaknesses

[email protected]

Secondary
CWE-257

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

2.3 · Low

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2025-04-08T12:15:31.040Z

11 months ago

Last modified

2025-11-18T16:15:57.847Z

4 months ago