CVE-2018-13374
In short
Fortinet FortiOS and FortiADC devices can leak LDAP login credentials when testing LDAP server connectivity. An attacker can redirect this test to a fake server they control to intercept and steal the credentials.
Technical detail
Improper access control (CWE-732) in FortiOS 6.0.2, 5.6.7 and prior, and FortiADC 6.1.0, 6.0.x, 5.4.x allows an unauthenticated or low-privileged attacker to capture LDAP credentials by intercepting LDAP connectivity test requests. The vulnerability stems from insufficient validation of the LDAP server endpoint during testing, enabling credential exfiltration via man-in-the-middle techniques.
Summary generated and translated by AI from the official description.
An Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows an attacker to obtain the LDAP server login credentials configured in FortiGate by pointing an LDAP server connectivity test request to a rogue LDAP server instead of the configured one.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Fortinet · Fortinet FortiOS, FortiADC
Public PoCs found — 2
- github: github.com/Justjeff211/conti-ransomware-writeup (★ 0)
- exploitdb: www.exploit-db.com/exploits/46171 (unverified)
Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.