PSIRT Advisories

Potential sensitive information can be displayed in cleartext in FortiProxy CLI window


A cleartext storage of sensitive information vulnerability in the FortiProxy command line interface may allow an authenticated attacker to obtain sensitive information, such as VPN users' passwords, by connecting to the FortiProxy CLI and executing the "diagnose sys ha checksum show" command.

Affected Products

FortiProxy version 2.0.0.
FortiProxy versions 1.2.9 and below.
FortiProxy versions 1.1.6 and below.
FortiProxy versions 1.0.7 and below.


Please upgrade to FortiProxy versions 2.0.1 or above.
Please upgrade to FortiProxy versions 1.2.10 or above.
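An added example, not part of Fortinet's advisory: a triage helper that classifies FortiProxy firmware versions against the affected and fixed releases listed above, comparing numerically so that 1.2.10 is not mistaken for a release older than 1.2.9. It assumes "and below" applies within each release branch, so versions the advisory does not cover are reported as `unlisted`; the function names and the sample inventory are constructed.

```python
import re

# Highest affected patch level per release branch, transcribed from the advisory.
AFFECTED_MAX_PATCH = {(2, 0): 0, (1, 2): 9, (1, 1): 6, (1, 0): 7}
# Fixed releases named in the advisory.
FIXED_RELEASES = [(1, 2, 10), (2, 0, 1)]


def parse_version(text):
    """Turn 'v1.2.10' or '1.2.10' into (1, 2, 10); reject anything else."""
    m = re.fullmatch(r"\s*v?(\d+)\.(\d+)\.(\d+)\s*", text)
    if not m:
        raise ValueError(f"not a major.minor.patch version: {text!r}")
    return tuple(int(part) for part in m.groups())


def classify(text):
    """Return 'affected', 'fixed' or 'unlisted' (advisory does not cover it)."""
    v = parse_version(text)
    branch, patch = v[:2], v[2]
    if branch in AFFECTED_MAX_PATCH:
        if patch <= AFFECTED_MAX_PATCH[branch]:
            return "affected"
        if any(f[:2] == branch and v >= f for f in FIXED_RELEASES):
            return "fixed"
        return "unlisted"  # e.g. 1.1.7: branch is listed, patch level is not
    # Branch not named at all: fixed only if at or above a named fixed release.
    return "fixed" if v >= min(FIXED_RELEASES) else "unlisted"


def upgrade_target(text):
    """Lowest fixed release above an affected version, else None."""
    if classify(text) != "affected":
        return None
    v = parse_version(text)
    return ".".join(map(str, min(f for f in FIXED_RELEASES if f > v)))


def triage(inventory):
    """Map host -> (status, upgrade target) for a {host: version} inventory."""
    return {h: (classify(ver), upgrade_target(ver)) for h, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed inventory, for illustration only.
    sample = {"proxy-a": "2.0.0", "proxy-b": "1.2.10", "proxy-c": "1.0.5"}
    for host, (status, target) in triage(sample).items():
        print(f"{host}: {status}" + (f", upgrade to {target} or above" if target else ""))
```

Hosts reported as `unlisted` need a manual check against the vendor's release information rather than being treated as safe.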


Fortinet is pleased to thank Shaun Farrow for reporting this vulnerability under responsible disclosure.