Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2015-1455

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2015-1455
Last Modified 19 Feb 2015 01:59:27
Published 03 Feb 2015 11:59:27
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2015-1455

Summary

Fortinet FortiAuthenticator 3.0.0 has a password of (1) slony for the slony PostgreSQL user and (2) www-data for the www-data PostgreSQL user, which makes it easier for remote attackers to obtain access via unspecified vectors.

Vulnerable Systems

Application

  • Fortinet Fortiauthenticator 3.0.0


References

BID - 72378

MISC - http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf

MISC - http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html

CONFIRM - http://www.fortiguard.com/advisory/FG-IR-15-003/


Last Updated: 27 May 2016 11:07:42