Описание
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-1456
- http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html
- http://www.fortiguard.com/advisory/FG-IR-15-003
- http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf
- http://www.securityfocus.com/bid/72378
Связанные уязвимости
nvd
около 11 лет назад
Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.