FortiOS Flaw Allows Bypass of LDAP Authentication

FortiOS Flaw Allows Bypass of LDAP Authentication

Posted on By CWS

A critical security vulnerability in FortiOS, identified as CVE-2026-22153, has been disclosed by Fortinet. This flaw potentially allows attackers to bypass LDAP authentication, affecting Agentless VPN and Fortinet Single Sign-On (FSSO) policies.

Understanding the Vulnerability

The vulnerability, classified as CWE-305 for authentication bypass, exists within the fnbamd daemon of FortiOS. It specifically requires certain configurations of LDAP servers that permit unauthenticated binds, which can be exploited by attackers to gain unauthorized access.

Improper processing of LDAP authentication requests is at the core of this issue. When certain server setups allow anonymous binds, attackers could leverage this weakness to access protected networks without valid authentication credentials.

Impact and Severity

This security flaw is rated as High severity by Fortinet, with a CVSS v3.1 score highlighting the ease of network access but noting a moderate level of attack complexity. The primary risk involves unauthorized access to networks via SSL-VPN components, posing a significant threat to network security.

The affected versions are FortiOS 7.6.0 through 7.6.4. Other versions such as 8.0, 7.4, 7.2, 7.0, and 6.4 are not impacted. Fortinet advises administrators to upgrade to FortiOS 7.6.5 or later to address this vulnerability.

Mitigation and Recommendations

To mitigate the risk, administrators should disable unauthenticated binds on LDAP servers. For Windows Active Directory environments (Server 2019 and newer), a PowerShell command can be used to enforce this setting:

$configDN = (Get-ADRootDSE).configurationNamingContext
$dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"
Set-ADObject -Identity $dirSvcDN -Add @{'msDS-Other-Settings'='DenyUnauthenticatedBind=1'}

This vulnerability was responsibly disclosed by Jort Geurts from the Actemium Cyber Security Team. Fortinet has published an advisory urging immediate patch application for SSL-VPN setups relying on LDAP integration to prevent potential security breaches.

Stay informed with the latest cybersecurity updates by following us on Google News, LinkedIn, and X. Contact us to share your cybersecurity stories.

Cyber Security News Tags:, , , , , , , , , , , , ,

Related Posts

Instagram Data Leak Exposes Sensitive Info of 17.5M Accounts Instagram Data Leak Exposes Sensitive Info of 17.5M Accounts Cyber Security News
Beware of PNB MetLife Payment Gateway that Steals Your Details and Direct to UPI Payments Beware of PNB MetLife Payment Gateway that Steals Your Details and Direct to UPI Payments Cyber Security News
Evolution of DDoS Attacks Mitigation Strategies for 2025 Evolution of DDoS Attacks Mitigation Strategies for 2025 Cyber Security News
10,000+ Fortinet Firewalls Still Exposed to 5-year Old MFA Bypass Vulnerability 10,000+ Fortinet Firewalls Still Exposed to 5-year Old MFA Bypass Vulnerability Cyber Security News
Hackers Registered 18,000 Holiday-Themed Domains Targeting ‘Christmas,’ ‘Black Friday,’ and ‘Flash Sale’ Hackers Registered 18,000 Holiday-Themed Domains Targeting ‘Christmas,’ ‘Black Friday,’ and ‘Flash Sale’ Cyber Security News
3 Steps to Beat Burnout in Your SOC and Solve Incidents Faster  3 Steps to Beat Burnout in Your SOC and Solve Incidents Faster  Cyber Security News