FortiAnalyzer & FortiManager - Forticloud credentials observed in cleartext in the logfile
An information disclosure vulnerability [CWE-200] in FortiAnalyzer and FortiManager VM may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
FortiManager version 7.0.0.
FortiManager versions 6.4.6 and below.
FortiAnalyzer version 7.0.0.
FortiAnalyzer versions 6.4.6 and below.
Please upgrade to FortiManager version 6.4.7 or above.
Please upgrade to FortiManager version 7.0.1 or above.
Please upgrade to FortiAnalyzer version 6.4.7 or above.
Please upgrade to FortiAnalyzer version 7.0.1 or above.