FortiADCManager - plain text password in a log file when an admin user create a new user Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-19-244 Final 1 1 2021-04-06T00:00:00 Current version 2021-04-06T00:00:00 2021-04-06T00:00:00 A clear text storage of sensitive information into log file vulnerability in FortiADCManager and FortiADC may allow a remote authenticated attacker to read other local users' password in log files. Information disclosure FortiADCManager versions 5.3.0 and below.FortiADCManager versions 5.2.1 and below.FortiADC versions 5.3.7 and below. Please upgrade to FortiADCManager versions 5.4.0 or above.Please upgrade to FortiADC versions 5.4.0 or above. Fortinet is pleased to thank Danilo Costa from PBI Dynamic IT Security for reporting this vulnerability under responsible disclosure CVE-2021-24024 4.3 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-19-244 FortiADCManager - plain text password in a log file when an admin user create a new user Reference>