PSIRT Advisory

Read-only admins can obtain LDAP credentials configured in FortiGate using LDAP test connectivity feature


FortiGate read-only admins are able to point an LDAP server connectivity test request at a rogue LDAP server instead of the configured one, in order to obtain the LDAP server login credentials configured in the FortiGate.


Improper Access Control

Affected Products

FortiOS 6.0.2 and before


Upgrade to FortiOS 6.0.3 or the upcoming 6.2.0.
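As an added illustration (not part of the advisory and not Fortinet code), the following Python checks a FortiOS version against the fixed release named above and flags LDAP connectivity-test events that match the abuse pattern described: a test pointed at a host that is not a configured LDAP server, or one issued by a read-only admin. The event layout, field names and sample data are constructed assumptions, not a FortiOS log format.

```python
"""Defender-side checks for the FortiGate LDAP test-connectivity issue.

Constructed example: the audit-event layout below is an assumption, not a
FortiOS log format; adapt the field names to whatever your SIEM ingests.
"""
from dataclasses import dataclass

FIXED_VERSION = (6, 0, 3)  # advisory: 6.0.2 and before are affected


def parse_version(v: str) -> tuple:
    # "6.0.2" -> (6, 0, 2); tolerates a leading "v"
    return tuple(int(p) for p in v.lstrip("v").split("."))


def is_affected(version: str) -> bool:
    """True if the FortiOS build predates the fixed release (6.0.3)."""
    return parse_version(version) < FIXED_VERSION


@dataclass
class LdapTestEvent:
    admin: str
    profile: str       # e.g. "super_admin" or a read-only profile name
    target_host: str   # host the connectivity test was pointed at


def suspicious_ldap_tests(events, configured_servers, read_only_profiles):
    """Flag tests whose target is not a configured LDAP server (the stored
    credentials would be sent to a rogue host) or that a read-only admin ran."""
    configured = {h.lower() for h in configured_servers}
    findings = []
    for ev in events:
        reasons = []
        if ev.target_host.lower() not in configured:
            reasons.append("target is not a configured LDAP server")
        if ev.profile in read_only_profiles:
            reasons.append("issued by read-only admin")
        if reasons:
            findings.append((ev.admin, ev.target_host, reasons))
    return findings


# Constructed sample data (hostnames and profile names are placeholders)
CONFIGURED = ["ldap.corp.example", "10.0.0.5"]
READ_ONLY = {"prof_readonly"}
EVENTS = [
    LdapTestEvent("alice", "super_admin", "ldap.corp.example"),
    LdapTestEvent("bob", "prof_readonly", "203.0.113.7"),
]

if __name__ == "__main__":
    print("6.0.2 affected:", is_affected("6.0.2"))
    for finding in suspicious_ldap_tests(EVENTS, CONFIGURED, READ_ONLY):
        print(finding)
```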


Fortinet is pleased to thank Julio Engels Ureña Martinez for reporting this vulnerability under responsible disclosure.