SynopsisThe remote host is affected by a credential disclosure vulnerability.
DescriptionThe remote host is running FortiOS prior to 5.6.8 or 6.x prior to 6.0.3. It is, therefore, affected by a credential disclosure vulnerability in the LDAP connectivity test component. This can allow a remote, read-only admin authenticated attacker to obtain the configured LDAP server login credentials by pointing the LDAP connectivity test at a rogue LDAP server they control.
SolutionUpgrade to Fortinet FortiOS version 5.6.8, 6.0.3, or 6.2.0 or later.