Headline
CVE-2023-37935: Fortiguard
A use of GET request method with sensitive query strings vulnerability in Fortinet FortiOS 7.0.0 - 7.0.12, 7.2.0 - 7.2.5 and 7.4.0 allows an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services.
** PSIRT Advisories**
FortiOS - Plain-text credentials in GET request via SSL VPN web portal
Summary
A use of GET request method with sensitive query strings vulnerability [CWE-598] in the FortiOS SSL VPN component may allow an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services (found in logs, referers, caches, etc…)
Affected Products
FortiOS version 7.4.0
FortiOS version 7.2.0 through 7.2.5
FortiOS version 7.0.0 through 7.0.12
Solutions
Please upgrade to FortiOS version 7.4.1 or above
Please upgrade to FortiOS version 7.2.6 or above
Please upgrade to upcoming FortiOS version 7.0.13 or above
Timeline
2023-09-29: Initial publication