Test ID: | 1.3.6.1.4.1.25623.1.0.105228 |
Category: | FortiOS Local Security Checks |
Title: | Fortinet FortiAuthenticator Appliance Multiple Security Vulnerabilities (FG-IR-15-003) |
Summary: | Fortinet FortiAuthenticator is prone to multiple vulnerabilities. |
Description: |
Summary: Fortinet FortiAuthenticator is prone to multiple vulnerabilities.

Vulnerability Insight: The following flaws exist:
- CVE-2015-1455: Hardcoded PostgreSQL user and password
- CVE-2015-1456: PostgreSQL users and passwords are logged in cleartext at startup
- CVE-2015-1457: Local file system disclosure
- CVE-2015-1459: XSS vulnerability

Vulnerability Impact: An attacker can exploit these issues to execute arbitrary script code in the context of the vulnerable site, potentially allowing the attacker to steal cookie-based authentication credentials, execute arbitrary commands and gain access to potentially sensitive information.

Affected Software/OS: Fortinet FortiAuthenticator prior to version 3.2.1

Solution: Update to version 3.2.1 or later.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P |
Cross-reference: |
Common Vulnerability Exposure (CVE) ID: CVE-2015-1455
- BugTraq ID: 72378
- http://www.securityfocus.com/bid/72378
- http://packetstormsecurity.com/files/130156/Fortinet-FortiAuthenticator-XSS-Disclosure-Bypass.html
- http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiAuthenticator_Multiple_Vulnerabilities.pdf

Common Vulnerability Exposure (CVE) ID: CVE-2015-1456

Common Vulnerability Exposure (CVE) ID: CVE-2015-1457
- XForce ISS Database: fortinetfortiauthenticator-dig-info-disc(100560)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100560

Common Vulnerability Exposure (CVE) ID: CVE-2015-1458
- XForce ISS Database: fortinetfortiauthenticator-shell-sec-bypass(100559)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100559

Common Vulnerability Exposure (CVE) ID: CVE-2015-1459
- http://secunia.com/advisories/62836
- XForce ISS Database: fortinetfortiauthenticator-scep-xss(100561)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100561 |
Copyright | Copyright (C) 2015 Greenbone AG |