An improper validation of certificate with host mismatch [CWE-297] vulnerability in FortiOS versions 6.4.6 and below may allow the connection to a malicious LDAP server via options in GUI, leading to disclosure of sensitive information, such as AD credentials.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://fortiguard.com/advisory/FG-IR-21-074 |
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2021-11-02T17:41:08
Updated: 2024-08-04T02:59:31.358Z
Reserved: 2021-09-13T00:00:00
Link: CVE-2021-41019
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2021-11-02T18:15:08.660
Modified: 2021-11-04T18:29:35.607
Link: CVE-2021-41019
Redhat
No data.