Serial number disclosure in the FortiOS PPTP server hostname protocol field


Fortigate PPTP service reveals serial number of FortiGate in the hostname field defined in connection control setup packets of PPTP protocol.

Affected Products

FortiOS 6.0.1 and before


Upgrade to FortiOS 6.0.2 or later


Fortinet is pleased to thank security researcher Mark Oakton at Infosec Partners reporting this vulnerability under responsible disclosure.