FortiWLC PAM.log authenticated user information exposure Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-16-030 Final 1 1 2016-09-30T00:00:00 Current version 2016-09-30T00:00:00 2016-09-30T00:00:00 The pam.log file generated by FortiWLC contains authenticated users credentials (local admin and users authenticated against external servers). Users with admin privileges can access the pam.log file and read the credentials. The pam.log file generated by FortiWLC contains authenticated users credentials (local admin and users authenticated against external servers). Users with admin privileges can access the pam.log file and read the credentials. User credential exposure FortiWLC 6.1-2-29 and below, 7.0-9-1, 7.0-10-0, 8.0-5-0, 8.1-2-0, and 8.2-4-0 Depending on your version, apply the following patches:Below 6.1-2-29Update to 7.0-10-0 or above, and apply the corresponding patch.6.1-2-29meru-6.1-2-29-patch-bug03882497.0-9-1:meru-7.0-9-1-patch-bug03882497.0-10-0:meru-7.0-10-0-patch-bug03882498.0-5-0:meru-8.0-5-0-patch-bug03882498.1-2-0:meru-8.1-2-0-patch-bug03882498.2-4-0:meru-8.2-4-0-patch-bug0388249 Fortinet is pleased to thank University of Toronto for reporting this vulnerability under responsible disclosure. CVE-2016-7561 https://fortiguard.fortinet.com/psirt/FG-IR-16-030 FortiWLC PAM.log authenticated user information exposure Reference>