PSIRT Advisory

Serial number disclosure in the FortiOS PPTP server hostname protocol field

Summary

The FortiGate PPTP service reveals the FortiGate's serial number in the hostname field defined in the connection control setup packets of the PPTP protocol.
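
To check a device you operate for the disclosure described above, the Python below parses a captured PPTP Start-Control-Connection message (field layout per RFC 2637) and reports whether the 64-byte host name field contains a serial number you supply. It is an added example, not Fortinet's code; the function names, the sample packets and the placeholder serial are constructed for illustration.

```python
import struct

PPTP_MAGIC = 0x1A2B3C4D
# RFC 2637 Start-Control-Connection-Request (type 1) and -Reply (type 2) share
# one 156-byte layout: length, message type, magic cookie, control type,
# reserved0, protocol version, 2 bytes (reserved1 or result/error code),
# framing caps, bearer caps, max channels, firmware rev, host[64], vendor[64].
SCC = struct.Struct("!HHIHHH2sIIHH64s64s")


def _text(raw: bytes) -> str:
    """Fixed-width fields are NUL-padded; keep what precedes the first NUL."""
    return raw.split(b"\x00", 1)[0].decode("ascii", errors="replace")


def parse_start_control(packet: bytes) -> dict:
    """Return the host name and vendor string from a captured control message."""
    if len(packet) < SCC.size:
        raise ValueError("truncated PPTP control message")
    (length, msg_type, magic, ctrl_type, _r0, _version, _rc, _framing,
     _bearer, _channels, _firmware, host, vendor) = SCC.unpack_from(packet)
    if magic != PPTP_MAGIC or msg_type != 1:
        raise ValueError("not a PPTP control message")
    if ctrl_type not in (1, 2) or length != SCC.size:
        raise ValueError("not a Start-Control-Connection message")
    return {"control_type": ctrl_type, "host_name": _text(host),
            "vendor": _text(vendor)}


def hostname_discloses_serial(packet: bytes, serial: str) -> bool:
    """True if the device serial (known to the operator) is in the host name."""
    host = parse_start_control(packet)["host_name"]
    return bool(serial) and serial.upper() in host.upper()


def build_reply(host: str, vendor: str = "constructed-vendor") -> bytes:
    """Build a constructed Start-Control-Connection-Reply for offline testing."""
    return SCC.pack(SCC.size, 1, PPTP_MAGIC, 2, 0, 0x0100, b"\x01\x00",
                    0, 0, 1, 1, host.encode("ascii"), vendor.encode("ascii"))


# Constructed samples: the serial below is a placeholder, not a real device.
PLACEHOLDER_SERIAL = "EXAMPLE-SERIAL-0001"
LEAKY_REPLY = build_reply(PLACEHOLDER_SERIAL)
CLEAN_REPLY = build_reply("local")

if __name__ == "__main__":
    for name, pkt in (("leaky", LEAKY_REPLY), ("clean", CLEAN_REPLY)):
        print(name, parse_start_control(pkt)["host_name"],
              hostname_discloses_serial(pkt, PLACEHOLDER_SERIAL))
```

Feed it the first 156 bytes of the reply payload from a packet capture of your own gateway, together with the serial shown in the device's management interface.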

Impact

Information Disclosure

Affected Products

FortiOS 6.0.1 and earlier

Solutions

Upgrade to FortiOS 6.0.2 or later

Acknowledgement

Fortinet is pleased to thank security researcher Mark Oakton at Infosec Partners for reporting this vulnerability under responsible disclosure.