CVE-2016-8491
https://notcve.org/view.php?id=CVE-2016-8491
The presence of a hardcoded account named 'core' in Fortinet FortiWLC allows attackers to gain unauthorized read/write access via a remote shell. La presencia de una cuenta embebida llamada 'core' en Fortinet FortiWLC permite a atacantes obtener acceso de lectura/escritura no autorizado a través de una shell remota. • http://www.securityfocus.com/bid/94186 https://fortiguard.com/advisory/FG-IR-16-065 • CWE-798: Use of Hard-coded Credentials •
CVE-2016-7560
https://notcve.org/view.php?id=CVE-2016-7560
The rsyncd server in Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 has a hardcoded rsync account, which allows remote attackers to read or write to arbitrary files via unspecified vectors. El servidor rsyncd en Fortinet FortiWLC 6.1-2-29 y versiones anteriores, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0 y 8.2-4-0 tiene una cuenta rsync embebida, lo que permite a atacantes remotos leer o escribir archivos arbitrarios a través de vectores no especificados. • http://fortiguard.com/advisory/FG-IR-16-029 http://www.securityfocus.com/bid/93286 • CWE-798: Use of Hard-coded Credentials •
CVE-2016-7561
https://notcve.org/view.php?id=CVE-2016-7561
Fortinet FortiWLC 6.1-2-29 and earlier, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 allow administrators to obtain sensitive user credentials by reading the pam.log file. Fortinet FortiWLC 6.1-2-29 y versiones anteriores, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0 y 8.2-4-0 permiten a administradores obtener credenciales sensibles de usuarios leyendo el archivo pam.log. • http://fortiguard.com/advisory/FG-IR-16-030 http://www.securityfocus.com/bid/93282 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •