Weak password hashing method in /etc/shadow Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-456 Final 1 1 2023-05-03T00:00:00 Current version 2023-05-03T00:00:00 2023-05-03T00:00:00 An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC may allow a local attacker with system access to retrieve users' passwords. None Improper access control At leastFortiNAC version 9.4.0 through 9.4.1FortiNAC version 9.2.0 through 9.2.6FortiNAC version 9.1.0 through 9.1.8FortiNAC 8.8 all versionsFortiNAC 8.7 all versionsFortiNAC 8.6 all versions are not affectedFortiNAC 8.5 all versions are not affectedFortiNAC version 7.2.0 Please upgrade to FortiNAC-F version 7.2.1 or abovePlease upgrade to FortiNAC version 9.4.2 or abovePlease upgrade to FortiNAC version 9.2.7 or aboveAfter the upgrade, the CLI account password should be changed.To know which accounts require a new password, the following command can be run:grep ":\$1" /etc/shadowThen, login to the CLI with that user and type "passwd" to change the password and update the hash. Fortinet is pleased to thank KPN for bringing this issue to our attention under responsible disclosure. FortiNAC 9.4.1 FortiNAC 9.4.0 FortiNAC 9.2.6 FortiNAC 9.2.5 FortiNAC 9.2.4 FortiNAC 9.2.3 FortiNAC 9.2.2 FortiNAC 9.2.1 FortiNAC 9.2.0 FortiNAC 9.1.8 FortiNAC 9.1.7 FortiNAC 9.1.6 FortiNAC 9.1.5 FortiNAC 9.1.4 FortiNAC 9.1.3 FortiNAC 9.1.2 FortiNAC 9.1.1 FortiNAC 9.1.0 FortiNAC 8.8.11 FortiNAC 8.8.10 FortiNAC 8.8.9 FortiNAC 8.8.8 FortiNAC 8.8.7 FortiNAC 8.8.6 FortiNAC 8.8.5 FortiNAC 8.8.4 FortiNAC 8.8.3 FortiNAC 8.8.2 FortiNAC 8.8.1 FortiNAC 8.8.0 FortiNAC 8.7.6 FortiNAC 8.7.5 FortiNAC 8.7.4 FortiNAC 8.7.3 FortiNAC 8.7.2 FortiNAC 8.7.1 FortiNAC 8.7.0 FortiNAC 7.2.0 CVE-2022-45859 FortiNAC-9.4.1 FortiNAC-9.4.0 FortiNAC-9.2.6 FortiNAC-9.2.5 FortiNAC-9.2.4 FortiNAC-9.2.3 FortiNAC-9.2.2 FortiNAC-9.2.1 FortiNAC-9.2.0 FortiNAC-9.1.8 FortiNAC-9.1.7 FortiNAC-9.1.6 FortiNAC-9.1.5 FortiNAC-9.1.4 FortiNAC-9.1.3 FortiNAC-9.1.2 FortiNAC-9.1.1 FortiNAC-9.1.0 FortiNAC-8.8.11 FortiNAC-8.8.10 FortiNAC-8.8.9 FortiNAC-8.8.8 FortiNAC-8.8.7 FortiNAC-8.8.6 FortiNAC-8.8.5 FortiNAC-8.8.4 FortiNAC-8.8.3 FortiNAC-8.8.2 FortiNAC-8.8.1 FortiNAC-8.8.0 FortiNAC-8.7.6 FortiNAC-8.7.5 FortiNAC-8.7.4 FortiNAC-8.7.3 FortiNAC-8.7.2 FortiNAC-8.7.1 FortiNAC-8.7.0 FortiNAC-7.2.0 3.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N/E:F/RL:X/RC:R https://fortiguard.fortinet.com/psirt/FG-IR-22-456 Weak password hashing method in /etc/shadow Reference>