Lucene search

[email protected]CVE-2015-1456

HistoryFeb 03, 2015 - 4:59 p.m.

CVE-2015-1456

2015-02-0316:59:28

CWE-200

[email protected]

web.nvd.nist.gov

cve-2015-1456

fortinet

fortiauthenticator

postgresql

cleartext

sensitive information

6.2 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

48.4%

JSON

Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.

Affected configurations

NVD

Node

fortinetfortiauthenticatorMatch3.0.0

CPENameOperatorVersion
fortinet:fortiauthenticatorfortinet fortiauthenticatoreq3.0.0

CPE	Name	Operator	Version
fortinet:fortiauthenticator	fortinet fortiauthenticator	eq	3.0.0

References

packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html

www.fortiguard.com/advisory/FG-IR-15-003/

www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf

www.securityfocus.com/bid/72378

6.2 Medium

AI Score

Confidence

Low

4 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

0.001 Low

EPSS

Percentile

48.4%

JSON

Related for CVE-2015-1456

prion1 nvd1 cvelist1 fortinet1 openvas1 kaspersky1 nessus1