virus logo PSIRT

Password in clear text in RADIUS log

Summary

An insertion of sensitive information into log file [CWE-532] in the FortiGuest RADIUS logs may allow a local attacker to access plaintext passwords.

Version Affected Solution
FortiGuest 1.1 Not affected Not Applicable
FortiGuest 1.0 1.0 all versions Migrate to a fixed release

Acknowledgement

Internally discovered and reported by Brian Andersen of Fortinet CSE team.

Timeline

2023-10-10: Initial publication
IR Number FG-IR-23-052
Published Date Oct 10, 2023
Severity Medium
CVSSv3 Score 5.5
Impact Information disclosure
CVE ID
Download

CVRF

CSAF