Fortinet Fortigate - Plain-text credentials in GET request via SSL VPN web portal (FG-IR-23-120)

Language:

Version 1.4 May 22, 2024, 3:18 PM Detection (updated detection logic) Plugin Feed: 202405221518
Version 1.3 Dec 1, 2023, 10:14 AM IAVM reference Plugin Feed: 202312011014
Version 1.2 Oct 16, 2023, 5:15 PM CVSS metrics ("CVSSv2 score" changed from 5.0 to 7.8. "CVSSv2 vector" changed from "CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N" to "CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N") CVSSv2 severity (based on CVE-2023-37935, severity increased from "Medium" to "High") CVSSv3 score source (set to "CVE-2023-37935") Plugin Feed: 202310161715
Version 1.1 Oct 13, 2023, 2:22 PM IAVM reference STIG Severity (set to "I") Plugin Feed: 202310131422
Version 1.0 Oct 12, 2023, 12:04 PM New Plugin Feed: 202310121204

* Changelogs are generally available for changes made after Nov 1, 2022