FortiOS Flaw Allows Bypass of LDAP Authentication

FortiOS Flaw Allows Bypass of LDAP Authentication

Posted on By CWS

A critical security vulnerability in FortiOS, identified as CVE-2026-22153, has been disclosed by Fortinet. This flaw potentially allows attackers to bypass LDAP authentication, affecting Agentless VPN and Fortinet Single Sign-On (FSSO) policies.

Understanding the Vulnerability

The vulnerability, classified as CWE-305 for authentication bypass, exists within the fnbamd daemon of FortiOS. It specifically requires certain configurations of LDAP servers that permit unauthenticated binds, which can be exploited by attackers to gain unauthorized access.

Improper processing of LDAP authentication requests is at the core of this issue. When certain server setups allow anonymous binds, attackers could leverage this weakness to access protected networks without valid authentication credentials.

Impact and Severity

This security flaw is rated as High severity by Fortinet, with a CVSS v3.1 score highlighting the ease of network access but noting a moderate level of attack complexity. The primary risk involves unauthorized access to networks via SSL-VPN components, posing a significant threat to network security.

The affected versions are FortiOS 7.6.0 through 7.6.4. Other versions such as 8.0, 7.4, 7.2, 7.0, and 6.4 are not impacted. Fortinet advises administrators to upgrade to FortiOS 7.6.5 or later to address this vulnerability.

Mitigation and Recommendations

To mitigate the risk, administrators should disable unauthenticated binds on LDAP servers. For Windows Active Directory environments (Server 2019 and newer), a PowerShell command can be used to enforce this setting:

$configDN = (Get-ADRootDSE).configurationNamingContext
$dirSvcDN = "CN=Directory Service,CN=Windows NT,CN=Services,$configDN"
Set-ADObject -Identity $dirSvcDN -Add @{'msDS-Other-Settings'='DenyUnauthenticatedBind=1'}

This vulnerability was responsibly disclosed by Jort Geurts from the Actemium Cyber Security Team. Fortinet has published an advisory urging immediate patch application for SSL-VPN setups relying on LDAP integration to prevent potential security breaches.

Stay informed with the latest cybersecurity updates by following us on Google News, LinkedIn, and X. Contact us to share your cybersecurity stories.

Cyber Security News Tags:, , , , , , , , , , , , ,

Related Posts

Microsoft Brokering File System Vulnerability Let Attackers Escalate Privileges Microsoft Brokering File System Vulnerability Let Attackers Escalate Privileges Cyber Security News
DSPM vs. DLP : Understanding the Key Differences DSPM vs. DLP : Understanding the Key Differences Cyber Security News
New ClickFake Interview Attack Using ClickFix Technique to Deliver GolangGhost Malware New ClickFake Interview Attack Using ClickFix Technique to Deliver GolangGhost Malware Cyber Security News
Microsoft to Disable Inline SVG Images Display to Outlook for Web and Windows Users Microsoft to Disable Inline SVG Images Display to Outlook for Web and Windows Users Cyber Security News
Threat Actors Deploying CoinMiner Malware via USB Drives Infecting Workstations Threat Actors Deploying CoinMiner Malware via USB Drives Infecting Workstations Cyber Security News
New APT28 Attack Via Signal Messenger Delivers BeardShell and Covenant Malware New APT28 Attack Via Signal Messenger Delivers BeardShell and Covenant Malware Cyber Security News