2.3 CVE-2024-32122
A storing passwords in a recoverable format in Fortinet FortiOS versions 7.2.0 through 7.2.1 allows attacker to information disclosure via modification of LDAP server IP to point to a malicious server.
https://nvd.nist.gov/vuln/detail/CVE-2024-32122
Categories
CWE-257 : Storing Passwords in a Recoverable Format
The storage of passwords in a recoverable format makes them subject to password reuse attacks by malicious users. In fact, it should be noted that recoverable encrypted passwords provide no significant benefit over plaintext passwords since they are subject not only to reuse by malicious attackers but also by malicious insiders. If a system administrator can recover a password directly, or use a brute force search on the available information, the administrator can use the password on other accounts. Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.) Use strong, non-reversible encryption to protect stored passwords. A messaging platform serializes all elements of User/Group objects, making private information available to adversaries
References
CPE
| cpe |
start |
end |
| Configuration 1 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
>= 6.4.0 |
<= 6.4.16 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
>= 7.0.0 |
<= 7.0.17 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
>= 7.2.0 |
<= 7.2.11 |
| cpe:2.3:o:fortinet:fortios:*:*:*:*:*:*:*:* |
>= 7.4.0 |
<= 7.4.7 |
REMEDIATION
EXPLOITS
Exploit-db.com
| id |
description |
date |
|
| No known exploits |
POC Github
Other Nist (github, ...)
CAPEC
Common Attack Pattern Enumerations and Classifications
| id |
description |
severity |
| 49 |
Password Brute Forcing
An adversary tries every possible value for a password until they succeed. A brute force attack, if feasible computationally, will always be successful because it will essentially go through all possible passwords given the alphabet used (lower case letters, upper case letters, numbers, symbols, etc.) and the maximum length of the password. [Determine application's/system's password policy] Determine the password policies of the target application/system. [Brute force password] Given the finite space of possible passwords dictated by the password policy determined in the previous step, try all possible passwords for a known user ID until application/system grants access. |
High |
MITRE
Techniques
| id |
description |
| T1110.001 |
Brute Force:Password Guessing |
| © 2022 The MITRE Corporation. This work is reproduced and distributed with the permission of The MITRE Corporation. |
Mitigations
| id |
description |
| M1051 |
Upgrade management services to the latest supported and compatible version. Specifically, any version providing increased password complexity or policy enforcement preventing default or weak passwords. |
| © 2022 The MITRE Corporation. Esta obra se reproduce y distribuye con el permiso de The MITRE Corporation. |
Cybersecurity needs ?
Strengthen software security from the outset with our DevSecOps expertise
Integrate security right from the start of the software development cycle for more robust applications and greater customer confidence.
Our team of DevSecOps experts can help you secure your APIs, data pipelines, CI/CD chains, Docker containers and Kubernetes deployments.
Discover this offer
