PSIRT Advisory

FortiOS Local Admin Password Hash Leak Vulnerability

Summary

A read-only administrator may be able to read the password hashes of read-write administrators (not including super-admins) stored on the appliance via the web UI REST API, and may therefore be able to crack them.

Description

A read-only administrator may be able to read the password hashes of read-write administrators (not including super-admins) stored on the appliance via the web UI REST API, and may therefore be able to crack them.

Impact

Information leak

Affected Products

FortiOS 5.2.0 - 5.2.9, 5.4.1

Solutions

* Upgrade to 5.4.2 GA
* Upgrade to 5.2.10 GA

Workarounds:
1. Use two-factor authentication in conjunction with local admin accounts, or use a remote authentication method such as LDAP or RADIUS.
2. Enforce a strong password policy so that a password cannot practically be recovered from its hash value.

Acknowledgement

Fortinet is pleased to thank Bryan Schmidt for reporting this vulnerability under responsible disclosure.