FortiOS local admin password could be obtained
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-16-050
Final
1
1
2016-12-02T00:00:00
Current version
2016-12-02T00:00:00
2016-12-02T00:00:00
A read-only administrator may be able to read the password hashes of read-write administrators (not including super-admins) stored on the appliance via the web UI REST API, and may therefore be able to crack them offline.
Information leak
FortiOS
* Upgrade to 5.4.2 GA
* Upgrade to 5.2.10 GA
Workarounds:
1. Use two-factor authentication in conjunction with local admin accounts, or use a remote authentication method such as LDAP or RADIUS.
2. Use a strong password policy so that passwords cannot be cracked from a leaked hash value.
Fortinet is pleased to thank Bryan Schmidt for reporting this vulnerability under responsible disclosure.
FortiOS 5.4.1
FortiOS 5.4.0
FortiOS 5.2.10
FortiOS 5.2.9
FortiOS 5.2.8
FortiOS 5.2.7
FortiOS 5.2.6
FortiOS 5.2.5
FortiOS 5.2.4
FortiOS 5.2.3
FortiOS 5.2.2
FortiOS 5.2.1
FortiOS 5.2.0
CVE-2016-7542
3.4
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-16-050