FortiGate & FortiADC - Read-only admins can obtain the LDAP credentials configured in the FortiGate and FortiADC using the LDAP test connectivity feature
Summary
FortiGate's and FortiADC's read-only admins are able to point an LDAP server connectivity test request to a rogue LDAP server instead of the configured one, in order to obtain the LDAP server login credentials configured in the FortiGate.