Users passwords are retrievable in the UI Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-20-044 Final 1 1 2021-11-02T00:00:00 Current version 2021-11-02T00:00:00 2021-11-02T00:00:00 A cleartext storage of sensitive information in the GUI of FortiADC, FortiSIEM, FortiDDoS, FortiDDoS-CM and FortiDDoS-F may allow a remote authenticated attacker to retrieve some sensitive information such as users LDAP passwords, RADIUS shared secret and the Elastic Cloud database password by deobfuscating the passwords entry fields. Information disclosure FortiADC versions 6.0.0.FortiADC versions 5.x upto 5.4.3FortiSIEM versions 6.2.x, 6.1.x, 6.xFortiDDoS versions 5.4.x, 5.3.x, 5.2.x, 5.1.x, 5.0.xFortiDDoS-F versions 6.1.x, 6.0.x Please upgrade to FortiADC versions 5.4.4 or above.Please upgrade to FortiADC versions 6.0.1 or above.Please upgrade to FortiSIEM 6.3.0 or above.Please upgrade to FortiDDoS 5.5.0 or above.Please upgrade to FortiDDoS-F 6.2.0 or above. Fortinet is pleased to thank Harish Chowdary for reporting this vulnerability under responsible disclosure. CVE-2020-15935 4.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-20-044 Users passwords are retrievable in the UI Reference>