Fortinet black logo

New Features

Add tests for high priority vulnerabilities 7.0.1

Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:22656
Download PDF

Add tests for high priority vulnerabilities 7.0.1

Two new Security Rating tests pertaining to access control and authentication have been added to mitigate high priority vulnerabilities: LDAP Server Identity Check and Disable Username Sensitivity Check. These tests are located in the Security Posture scorecard.

LDAP Server Identity Check ensures that certificate validation takes place against an LDAP server.

In this result, the test is marked as Failed because the Server identity check setting (set server-identity-check) is disabled in the LDAP server settings.

In this result, the test is marked as Passed because the Server identity check setting (set server-identity-check) is enabled in the LDAP server settings.

Disable Username Sensitivity Check ensures that users cannot bypass two-factor authentication with a username that has a different case than the configured user object.

In this result, the test is marked as Failed because in the local user settings, username-sensitivity is set to enable.

In this result, the test is marked as Passed because in the local user settings, username-sensitivity is set to disable.

Add tests for high priority vulnerabilities 7.0.1

Two new Security Rating tests pertaining to access control and authentication have been added to mitigate high priority vulnerabilities: LDAP Server Identity Check and Disable Username Sensitivity Check. These tests are located in the Security Posture scorecard.

LDAP Server Identity Check ensures that certificate validation takes place against an LDAP server.

In this result, the test is marked as Failed because the Server identity check setting (set server-identity-check) is disabled in the LDAP server settings.

In this result, the test is marked as Passed because the Server identity check setting (set server-identity-check) is enabled in the LDAP server settings.

Disable Username Sensitivity Check ensures that users cannot bypass two-factor authentication with a username that has a different case than the configured user object.

In this result, the test is marked as Failed because in the local user settings, username-sensitivity is set to enable.

In this result, the test is marked as Passed because in the local user settings, username-sensitivity is set to disable.