I am seeking clarity on this advisory.
A use of GET request method with sensitive query strings vulnerability [CWE-598] in the FortiOS SSL VPN component may allow an attacker to view plaintext passwords of remote services such as RDP or VNC, if the attacker is able to read the GET requests to those services (found in logs, referers, caches, etc...)
We have several employees who SSLVPN using the FortiGate VPN client. They then RDP to a Windows VM server. In this instances how can an attacker view the plaintext passwords using the GET request? As I understand a GET request is an http request and RDP uses protocol 3389. Fortinet Support was not helpful in explaining the logic behind the advisory. Can someone help me understand how an attacker can do this?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
That is correct.
you can disable the webmode as explained in https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-disable-SSL-VPN-Web-Mode-or-Tunnel-...
In this example SSL-VPN Mode portal.
# config vpn ssl web portal
edit "SSLVPN Mode"
set web-mode disable <----- Unset web-mode.
end
end
When you say "FortiGate VPN client", do you mean they use FortiClient to connect to SSL VPN? If so, you are not affected by this vulnerability. This vulnerability only affects web-mode not tunnel mode.
Hi Suraj,
Thank you for clarifying. So this vulnerability only affects if you are using the Browser to sslvpn in correct?
That is correct.
Is there a way to block sslvpn through the browser from the Fortigate?
you can disable the webmode as explained in https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-disable-SSL-VPN-Web-Mode-or-Tunnel-...
In this example SSL-VPN Mode portal.
# config vpn ssl web portal
edit "SSLVPN Mode"
set web-mode disable <----- Unset web-mode.
end
end
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1669 | |
1081 | |
752 | |
446 | |
224 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.