Clear-text insertion of user's passwords into log files

Summary

A clear-text storage of sensitive information in log files vulnerability in FortiADCManager and FortiADC may allow a remote authenticated attacker to read other local users' passwords in log files.

Impact

Information disclosure

Affected Products

FortiADCManager versions 5.3.0 and below.
FortiADCManager versions 5.2.1 and below.
FortiADC versions 5.3.7 and below.

Solutions

Please upgrade to FortiADCManager versions 5.4.0 or above. 
Please upgrade to FortiADC versions 5.4.0 or above.

Acknowledgement

Fortinet is pleased to thank Danilo Costa for reporting this vulnerability under responsible disclosure.