FortiGuest - Password in clear text in RADIUS log


An insertion of sensitive information into log file [CWE-532] in the FortiGuest RADIUS logs may allow a local attacker to access plaintext passwords.

Version Affected Solution
FortiGuest 1.0 1.0 all versions Upgrade to 1.1.0 or above


Internally discovered and reported by Brian Andersen of Fortinet CSE team.


2023-10-10: Initial publication