CVE-2024-32122 — Storing Passwords in a Recoverable Format in Fortinet Fortios

CWE-257 — Storing Passwords in a Recoverable Format4 documents4 sources

Severity

4.4MEDIUMNVD

CNA2.3

EPSS

0.1%

top 75.35%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fortinet Fortios

Timeline

PublishedApr 8

Description

A storing passwords in a recoverable format in Fortinet FortiOS 7.4.0 through 7.4.8, FortiOS 7.2 all versions, FortiOS 7.0 all versions, FortiOS 6.4 all versions allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 0.8 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5fortinet/fortios7.4.0 — 7.4.8+3

▶NVDfortinet/fortios6.4.0 — 6.4.16+3

🔴Vulnerability Details

CVEList

CVE-2024-32122: A storing passwords in a recoverable format in Fortinet FortiOS 7↗2025-04-08

▶

GHSA

GHSA-79gc-w327-w4f2: A storing passwords in a recoverable format in Fortinet FortiOS versions 7↗2025-04-08

▶

📋Vendor Advisories

Fortinet

LDAP Clear-text credentials retrievable with IP modification↗2025-04-08

▶