A Default Configuration vulnerability in FortiOS may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server.
Affected Products
FortiOS 6.2.0 and below.
Solutions
For users running versions 6.0.3 to 6.2.0, enabling the CLI option that checks the LDAP server identity entirely prevents the issue. This option can be enabled only if "secure" and "ca-cert" of the LDAP server are set:

    config user ldap
        edit ldap-server
            set ca-cert
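The exposed configuration beside the hardened one, as an added illustration that is not part of the advisory: "ldap-server" is the entry name from the page, the server hostname and the CA certificate name "CA_Cert_1" are assumed values, and `server-identity-check` is the FortiOS CLI option the advisory refers to as checking the LDAP server identity.

```fortios
# Exposed: LDAPS with a trusted CA, but the certificate is never matched
# against the configured server name, so a host on the same subnet that
# answers as the LDAP server with any certificate from that CA is accepted.
config user ldap
    edit "ldap-server"
        set server "ldap.example.internal"    # assumed hostname
        set secure ldaps
        set ca-cert "CA_Cert_1"               # assumed CA certificate name
    next
end

# Hardened: the two prerequisites ("secure" and "ca-cert") are in place,
# then the identity check is turned on so the presented certificate must
# belong to the configured server name.
config user ldap
    edit "ldap-server"
        set server "ldap.example.internal"
        set secure ldaps
        set ca-cert "CA_Cert_1"
        set server-identity-check enable
    next
end
```

After the change, `show user ldap ldap-server` should list `set server-identity-check enable`; if the line is absent, the prerequisite "secure" or "ca-cert" setting was not accepted first.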
Fortinet is pleased to thank James Renken from the Internet Security Research Group and Florian Thiele for bringing this issue to our attention under responsible disclosure.