CVE-2020-15935 in FortiADC

Summary

by MITRE • 11/02/2021

A cleartext storage of sensitive information in GUI in FortiADC versions 5.4.3 and below, 6.0.0 and below may allow a remote authenticated attacker to retrieve some sensitive information such as users' LDAP passwords and RADIUS shared secret by deobfuscating the password entry fields.


Analysis

by VulDB Data Team • 11/06/2021

CVE-2020-15935 is a cleartext storage weakness in FortiADC, Fortinet's application delivery controller and load balancer, affecting versions 5.4.3 and below and 6.0.0 and below. The flaw sits in the management GUI, which hands back authentication credentials configured on the appliance in a form that is only obfuscated, not protected. The credentials concerned are the LDAP bind passwords and RADIUS shared secrets that FortiADC uses to talk to an organization's authentication infrastructure. The weakness is classified as CWE-312, cleartext storage of sensitive information: a reversible encoding with a fixed key is not encryption, and anyone who can read the encoded value can recover the original with a trivial decoding step.

In practice the issue is exposed through the GUI rather than through direct access to the configuration store. When an administrator configures an LDAP server or a RADIUS server in the FortiADC management interface, the stored secret is later written back into the password entry fields of the corresponding configuration page. The browser displays the field masked, but the value carried in the page is a reversibly obfuscated copy of the real secret, not a placeholder. Any remote user who can authenticate to the GUI and view those pages can therefore recover the plaintext from the page source or the browser's developer tools, without any privilege beyond the ability to open the configuration screen. The masking gives administrators a false sense that the secret is hidden while offering no actual protection; a correct design never echoes a stored secret back to the client at all.

The operational impact of CVE-2020-15935 reaches beyond the appliance itself because the recovered credentials belong to shared authentication infrastructure. A leaked LDAP bind password gives the attacker whatever the bind account can read or modify in the directory, and, where the same service account is reused elsewhere, a foothold on those systems as well. A leaked RADIUS shared secret lets the attacker forge RADIUS traffic for that client/server pair: impersonating the appliance toward the RADIUS server, or spoofing the server's responses (for example an Access-Accept) toward the appliance, since RADIUS message authenticity rests on that secret. Because FortiADC typically sits in front of production applications as a load balancer or traffic manager, the accounts it uses are often well connected, which makes the credential exposure more valuable to an attacker than a single-host leak. The behaviour maps to ATT&CK technique T1552.001 (Unsecured Credentials: Credentials In Files), a configuration store holding recoverable secrets, and is a concern for security and compliance in any regulated deployment.

Organizations should upgrade to a fixed FortiADC release as indicated in Fortinet's advisory; a proper fix stops returning stored secrets to the GUI and keeps the password fields write-only. Patching alone does not revoke anything already exposed, so administrators should rotate the LDAP bind passwords and RADIUS shared secrets configured on affected appliances, and update the matching RADIUS client entries and directory service accounts at the same time. It is also worth reviewing which accounts have had GUI access during the vulnerable window, restricting management-plane access to trusted networks, and alerting on logins to the appliance GUI from unexpected sources. The vulnerability illustrates a general rule for management interfaces that hold credentials: a stored secret should never be sent back to the client, obfuscated or otherwise; the interface should only indicate that a value is set and accept a replacement. Incident response procedures should cover this class of exposure so that similar findings in other infrastructure components can be triaged quickly. Compliance frameworks such as PCI DSS and NIST SP 800-53 require protection of authentication credentials, so regulated environments should treat the finding, and the associated credential rotation, as mandatory.
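As an added illustration of the mechanism described above and of the write-only pattern that removes it (this is example code, not FortiADC code; the actual encoding used by the appliance is not documented on this page), the following Python contrasts a GUI handler that echoes obfuscated secrets with one that never returns them. It goes one step beyond the page's text by showing that even a static key the attacker does not know falls to a known-plaintext attack, because an authenticated user can set a password of their choosing and read the encoded value back. The XOR-plus-base64 encoding, STATIC_KEY, the sample configuration and every function name are constructed for this example.

```python
import base64

# Hypothetical fixed key baked into the appliance GUI bundle (assumption for the example).
STATIC_KEY = b"fortiadc-gui-demo"

# Constructed sample configuration; not real FortiADC data.
STORED_CONFIG = {
    "ldap_server": "ldap.corp.example",
    "bind_dn": "cn=adc-bind,ou=svc,dc=corp,dc=example",
    "bind_password": "Sup3rS3cretBindPw!",
    "radius_secret": "radius-shared-s3cr3t",
}

SECRET_FIELDS = ("bind_password", "radius_secret")


def _xor(data: bytes, key: bytes) -> bytes:
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def obfuscate(plain: str, key: bytes = STATIC_KEY) -> str:
    """Reversible encoding with a fixed key: opaque-looking in the HTML, protects nothing."""
    return base64.b64encode(_xor(plain.encode(), key)).decode()


def deobfuscate(blob: str, key: bytes = STATIC_KEY) -> str:
    return _xor(base64.b64decode(blob), key).decode()


def vulnerable_render(cfg: dict) -> dict:
    """Vulnerable pattern (CWE-312): the stored secrets are written back into the
    password inputs of the configuration page, merely obfuscated."""
    page = {k: v for k, v in cfg.items() if k not in SECRET_FIELDS}
    for f in SECRET_FIELDS:
        page[f] = obfuscate(cfg[f])
    return page


def recover_key(known_plain: str, blob: str) -> bytes:
    """Known-plaintext attack: XOR the encoded value with the plaintext the attacker
    planted to get the key stream. Needs a plaintext at least as long as the key."""
    return _xor(base64.b64decode(blob), known_plain.encode())


def attack_vulnerable(cfg: dict, chosen: str = "A" * 32) -> str:
    """Attacker flow: set a known LDAP bind password via the GUI, read its encoded
    form back from the page, recover the key stream, decode the RADIUS secret."""
    planted = dict(cfg, bind_password=chosen)
    page = vulnerable_render(planted)
    key_stream = recover_key(chosen, page["bind_password"])
    radius_raw = base64.b64decode(page["radius_secret"])
    # Both values were encoded from offset 0 with the same repeating key,
    # so the recovered stream lines up with the RADIUS ciphertext directly.
    return _xor(radius_raw, key_stream[: len(radius_raw)]).decode()


def hardened_render(cfg: dict) -> dict:
    """Hardened pattern: secrets are write-only. The page learns only whether a
    secret is configured; the value itself never leaves the appliance."""
    page = {k: v for k, v in cfg.items() if k not in SECRET_FIELDS}
    for f in SECRET_FIELDS:
        page[f] = ""                     # password input is always rendered empty
        page[f + "_set"] = bool(cfg[f])  # lets the UI show "(configured)"
    return page


def hardened_save(cfg: dict, form: dict) -> dict:
    """Server side of the hardened form: an empty password field means 'keep the
    existing secret'; a non-empty one replaces it. No sentinel string that could
    collide with a real password."""
    new = dict(cfg)
    for k, v in form.items():
        if k in SECRET_FIELDS:
            if v:
                new[k] = v
        elif k in cfg:
            new[k] = v
    return new


if __name__ == "__main__":
    print("vulnerable page leaks RADIUS secret:", attack_vulnerable(STORED_CONFIG))
    print("hardened page exposes:", hardened_render(STORED_CONFIG))
    edited = hardened_save(STORED_CONFIG, {"ldap_server": "ldap2.corp.example", "bind_password": ""})
    print("bind password preserved across edit:", edited["bind_password"] == STORED_CONFIG["bind_password"])
```

The attack function shows why "the key is not public" is no defence for this pattern: read access to the page plus the ability to set one secret is enough to decode every other secret encoded with the same key. The hardened handler is the only shape that holds up, since the browser is never given anything to decode.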

Responsible

Fortinet, Inc.

Reservation

07/24/2020

Disclosure

11/02/2021

Moderation

accepted

CPE

ready

EPSS

0.00526

KEV

no

Activities

very low
