A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man-in-the-middle position to retrieve the admin password by intercepting REST API JSON responses.
FortiManager 5.2.0 to 5.2.7, 5.4.0 and 5.4.1
Upgrade to 5.2.8 or above.
Upgrade to 5.4.2 or above.
Fortinet thanks Pavel German for reporting this vulnerability.