FortiSIEM - Encrypted password stored in logs

Summary

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.
Affected Products

FortiSIEM version 7.0.0
FortiSIEM version 6.7.0 through 6.7.6
FortiSIEM version 6.6.0 through 6.6.3
FortiSIEM version 6.5.0 through 6.5.1
FortiSIEM version 6.4.0 through 6.4.2
FortiSIEM 6.3 all versions
FortiSIEM 6.2 all versions
FortiSIEM 6.1 all versions
FortiSIEM 5.4 all versions
FortiSIEM 5.3 all versions
Acknowledgement

Internally discovered and reported by Jingjin Zhu

Timeline

2023-11-07: Initial publication