PSIRT Advisory

SSL VPN Web Portal user credentials may be leaked to super_admins

Summary

An admin user with super_admin privileges (i.e., one assigned the super_admin profile) may view the current SSL VPN web portal session info using the fnsysctl CLI command. This info includes user credentials.

Impact

Information Disclosure

Affected Products

FortiOS 5.6 branch: 5.6.0 to 5.6.2
FortiOS 5.4 branch: 5.4.0 to 5.4.5
FortiOS 5.2 and earlier versions

Solutions

Upgrade to FortiOS 5.4.6 or 5.6.3
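To flag devices in an inventory that fall inside the affected ranges above and map each to the fixed release it should move to, here is an added Python check (written for this page, not Fortinet code). It assumes version strings that contain a dotted major.minor[.patch] number (e.g. "5.6.2" or a constructed "v5.4.5,build0000"); for 5.2 and earlier it proposes 5.4.6 as the nearest fixed branch, which is an assumption since the advisory accepts either 5.4.6 or 5.6.3.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges exactly as listed in the advisory, inclusive: (branch, first, last).
AFFECTED_RANGES = [
    ((5, 6), (5, 6, 0), (5, 6, 2)),
    ((5, 4), (5, 4, 0), (5, 4, 5)),
]
# Fixed releases named in the Solutions section, keyed by branch.
FIXED = {(5, 6): (5, 6, 3), (5, 4): (5, 4, 6)}
# Branches at or below this are "5.2 and earlier": every release is affected.
LEGACY_CUTOFF = (5, 2)


def parse_version(text: str) -> Version:
    """Pull the first dotted numeric version out of a string.

    Accepts '5.6.2', '5.2' (patch defaults to 0) or a vendor-style string such
    as the constructed 'v5.4.5,build0000'. Raises ValueError when none is found.
    """
    m = re.search(r"(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"no version number found in {text!r}")
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def is_affected(text: str) -> bool:
    """True if the version is in any affected range from the advisory."""
    v = parse_version(text)
    if v[:2] <= LEGACY_CUTOFF:          # 5.2 and earlier: whole branches affected
        return True
    return any(first <= v <= last for _, first, last in AFFECTED_RANGES)


def recommended_upgrade(text: str) -> Optional[Version]:
    """Fixed release for an affected version, or None if no upgrade is needed.

    Assumption (not stated by the advisory): legacy branches are pointed at
    5.4.6, the lower of the two fixed releases.
    """
    v = parse_version(text)
    if not is_affected(text):
        return None
    return FIXED.get(v[:2], FIXED[(5, 4)])


if __name__ == "__main__":
    # Constructed inventory sample, not real device data.
    for fw in ["5.6.2", "5.6.3", "v5.4.5,build0000", "5.2", "4.3.0", "6.0.0"]:
        print(fw, "->", recommended_upgrade(fw) or "not affected")
```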

Acknowledgement

Fortinet is pleased to thank Jean-Noel Meurisse, Solvay S.A. for reporting this vulnerability under responsible disclosure.