8 matches found
Fortinet Fortigate using the LDAP test connectivity feature (FG-IR-18-157)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-18-157 advisory. - A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allow...
VulnCheck KEV: CVE-2018-13374
Fortinet FortiOS and FortiADC contain an improper access control vulnerability that allows attackers to obtain the LDAP server login credentials configured in FortiGate by pointing a LDAP server connectivity test request to a rogue LDAP server...
Fortinet FortiGate < 5.6.8 / 6.x < 6.0.3 LDAP Credential Disclosure (FG-IR-18-157)
The remote host is running FortiOS prior to 5.6.8 or 6.x prior to 6.0.3. It is, therefore, affected by a credential disclosure vulnerability in the LDAP connectivity test component. This can allow a remote, read-only admin authenticated attacker to obtain the configured LDAP server login...
CVE-2018-13374
CVE-2018-13374 describes an improper access control in Fortinet FortiOS (versions including 6.0.2, 5.6.7 and earlier) and FortiADC (6.1.0, 6.0.0–6.0.1, 5.4.0–5.4.4). An LDAP-credentials disclosure occurs when a LDAP connectivity test is pointed to a rogue LDAP server instead of the configured one...
CVE-2018-13374
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the...
CVE-2018-13374
A Improper Access Control in Fortinet FortiOS 6.0.2, 5.6.7 and before, FortiADC 6.1.0, 6.0.0 to 6.0.1, 5.4.0 to 5.4.4 allows attacker to obtain the LDAP server login credentials configured in FortiGate via pointing a LDAP server connectivity test request to a rogue LDAP server instead of the...
CVE-2018-13374
creationtimestamp| type| source ---|---|--- 2019-01-16 00:00:00+00:00| exploited| https://www.exploit-db.com/exploits/46171 2022-05-12 16:19:54+00:00| seen| MISP/095ab3f1-cbae-4b5c-8534-34d42a458aa5 2023-06-14 21:10:03+00:00| seen| MISP/3c19819c-1dac-4ef2-bfed-be5efa7e0123 2024-12-24...
FortiGate FortiOS LDAP Credential Disclosure
/usr/bin/python3 """ CVE-2018-13374 Publicado por Julio UreA+-a PlainText Twitter: @JulioUrena Blog Post: https://plaintext.do/My-1st-CVE-Capture-LDAP-Credentials-From-FortiGate-EN/ Referencia: https://fortiguard.com/psirt/FG-IR-18-157 Ejemplo: python3 CVE-2018-13374.py -f https://FortiGateIP -u...