Windows agent password is visible in the logs Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-290 Final 1 1 2023-11-14T00:00:00 Current version 2023-11-14T00:00:00 2023-11-13T00:00:00 An exposure of sensitive information to an unauthorized actor [CWE-200] in FortiSIEM may allow an attacker with access to windows agent logs to obtain the windows agent password via searching through the logs. None Information disclosure FortiSIEM 7.1 all versions are not affectedFortiSIEM version 7.0.0FortiSIEM version 6.7.0 through 6.7.5FortiSIEM 6.6 all versions are not affectedFortiSIEM 6.5 all versions are not affectedFortiSIEM 6.4 all versions are not affectedFortiSIEM 6.3 all versions are not affectedFortiSIEM 6.2 all versions are not affectedFortiSIEM 6.1 all versions are not affectedFortiSIEM 5.4 all versions are not affectedFortiSIEM 5.3 all versions are not affected Please upgrade to FortiSIEM version 7.1.0 or abovePlease upgrade to FortiSIEM version 7.0.1 or abovePlease upgrade to FortiSIEM version 6.7.6 or above Internally discovered and reported by Darren Hart from FortiSIEMCloud development team. FortiSIEM 7.0.0 FortiSIEM 6.7.5 FortiSIEM 6.7.4 FortiSIEM 6.7.3 FortiSIEM 6.7.2 FortiSIEM 6.7.1 FortiSIEM 6.7.0 CVE-2023-41676 FortiSIEM-7.0.0 FortiSIEM-6.7.5 FortiSIEM-6.7.4 FortiSIEM-6.7.3 FortiSIEM-6.7.2 FortiSIEM-6.7.1 FortiSIEM-6.7.0 4.2 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-23-290 Windows agent password is visible in the logs Reference>