Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 4.0
CVE Id: CVE-2015-1456
Last Modified: 19 Feb 2015 01:59:40
Published: 03 Feb 2015 11:59:28
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2015-1456

Summary

Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.

Vulnerable Systems

Application

  • Fortinet FortiAuthenticator 3.0.0


References

BID - 72378

MISC - http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf

MISC - http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html

CONFIRM - http://www.fortiguard.com/advisory/FG-IR-15-003/


Last Updated: 27 May 2016 11:07:42