PSIRT Advisories

FortiWeb SNMPv3 user password viewable in HTML source code


The HTML source code of the FortiWeb SNMPv3 user edit webui page includes the user's password in cleartext.

Affected Products

FortiWeb 5.8.2 and below until 5.4.1


Upgrade to FortiWeb version 5.8.3


Fortinet is pleased to thank Florian NIVETTE of Sysdream for reporting this vulnerability under responsible disclosure.