FortiNAC - database harcoded credentials


A use of hard-coded credentials vulnerability [CWE-798] in FortiNAC may allow an authenticated attacker to access to the database via shell commands.

Affected Products

FortiNAC version 9.4.0 through 9.4.2
FortiNAC-F version 7.2.0
FortiNAC 9.2 all versions
FortiNAC 9.1 all versions
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions


Please upgrade to FortiNAC version 9.4.3 or above
Please upgrade to FortiNAC-F version 7.2.1 or above


Fortinet is pleased to thank KPN for bringing this issue to our attention under responsible disclosure.


2023-04-13: Initial publication