FortiGuest - Password in clear text in RADIUS log

Summary

An insertion of sensitive information into log file vulnerability [CWE-532] in the FortiGuest RADIUS logs may allow a local attacker to access plaintext passwords.

Version          Affected           Solution
FortiGuest 1.0   1.0 all versions   Upgrade to 1.1.0 or above

Acknowledgement

Internally discovered and reported by Brian Andersen of Fortinet CSE team.

Timeline

2023-10-10: Initial publication