3 matches found
CVE-2023-37935
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services...
Fortinet Fortigate Plain-text credentials in GET request via SSL VPN web portal (FG-IR-23-120)
The version of Fortigate installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-120 advisory. - A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 an...
CVE-2023-37935
Fortinet FortiOS SSL VPN contains CVE-2023-37935: a vulnerability where GET requests with sensitive query strings can expose plaintext passwords for remote services (e.g., RDP/VNC). Affected: FortiOS versions 7.0.0–7.0.12, 7.2.0–7.2.5, and 7.4.0. Root cause: GET request handling allows leakage of...