FortiGate default configuration does not verify the LDAP server identity.
Summary
A default configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server, because the FortiGate does not verify the identity of the LDAP server it connects to by default.
Impact Detail
Information Disclosure
Affected Products
FortiOS 6.2.0 and below.
Solutions
For users running versions 6.0.3 to 6.2.0, enabling the CLI option that checks the LDAP server identity entirely prevents the issue. This option can be enabled only if secure and ca-cert of the LDAP server are set:
    config user ldap
        edit ldap-server
            set ca-cert
Acknowledgement
Fortinet is pleased to thank James Renken from the Internet Security Research Group and Florian Thiele for bringing this issue to our attention under responsible disclosure.
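As an added example for the Solutions section, not taken from the advisory itself, the two configurations below contrast an LDAP server entry in the default state with one hardened as the advisory describes. The option name server-identity-check, the value ldaps for secure, the port 636 and the names ldap-server, ldap.example.com, the bind account and My-LDAP-CA are assumptions for illustration; the FortiGate must already hold the CA certificate that issued the LDAP server's certificate under the name given to ca-cert.

```text
# Constructed example: a FortiOS LDAP server entry in the default state.
# secure and ca-cert are unset and server identity is not checked, so any
# host able to answer on the path can pose as the LDAP server and receive
# the bind credentials the FortiGate sends.
config user ldap
    edit "ldap-server"
        set server "ldap.example.com"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "cn=fortigate-bind,cn=Users,dc=example,dc=com"
        set password <bind-account-password>
    next
end

# Hardened form: LDAPS with the issuing CA pinned, then identity checking enabled.
# "My-LDAP-CA" is the name of the CA certificate already imported on the FortiGate
# (assumed name). secure and ca-cert must be set before server-identity-check
# is accepted, as the advisory states.
config user ldap
    edit "ldap-server"
        set server "ldap.example.com"
        set cnid "sAMAccountName"
        set dn "dc=example,dc=com"
        set type regular
        set username "cn=fortigate-bind,cn=Users,dc=example,dc=com"
        set password <bind-account-password>
        set secure ldaps
        set port 636
        set ca-cert "My-LDAP-CA"
        set server-identity-check enable
    next
end
```

To confirm the result, `show full-configuration user ldap ldap-server` should list secure, ca-cert and server-identity-check, and `diagnose test authserver ldap ldap-server <user> <password>` performs a test bind. With identity checking enabled, a bind against a server whose certificate does not match the configured server name, or is not issued by the pinned CA, fails instead of delivering the bind credentials to whoever answered.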