FortiManager Unencrypted Password Vulnerability

A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man-in-the-middle position to retrieve the admin password by intercepting REST API JSON responses.

Affected Products

FortiManager 5.2.0 to 5.2.7, 5.4.0 and 5.4.1

Solutions

Upgrade to 5.2.8 or above.
Upgrade to 5.4.2 or above.
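As an added example that is not part of Fortinet's advisory, a small Python audit helper for defenders: it reports whether a FortiManager version string falls inside the affected ranges listed above (fixed in 5.2.8 and 5.4.2), and it walks a captured JSON API response to flag credential-like fields that carry a non-empty cleartext value. The sample response and its field names are constructed assumptions, not FortiManager's real schema.

```python
import json
import re
from typing import List, Tuple

# First fixed release per affected branch, taken from the advisory's Solutions section.
FIXED_VERSIONS = {(5, 2): (5, 2, 8), (5, 4): (5, 4, 2)}


def parse_version(v: str) -> Tuple[int, int, int]:
    """Parse a dotted version string such as '5.2.7' into a comparable tuple."""
    parts = v.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {v!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def is_affected(version: str) -> bool:
    """True for 5.2.0-5.2.7 and 5.4.0-5.4.1; branches the advisory does not
    mention are treated as not affected."""
    major, minor, patch = parse_version(version)
    fixed = FIXED_VERSIONS.get((major, minor))
    return fixed is not None and (major, minor, patch) < fixed


# Key names that should never carry a cleartext value in an API response.
CREDENTIAL_KEY = re.compile(r"passw(or)?d|secret|token", re.IGNORECASE)


def find_cleartext_credentials(body: str) -> List[str]:
    """Return dotted paths of credential-like keys whose value is a non-empty
    string, so a reviewer can spot secrets echoed back by an API."""
    hits: List[str] = []

    def walk(node, path: str) -> None:
        if isinstance(node, dict):
            for key, value in node.items():
                here = f"{path}.{key}" if path else key
                if isinstance(value, str) and value and CREDENTIAL_KEY.search(key):
                    hits.append(here)
                walk(value, here)
        elif isinstance(node, list):
            for i, value in enumerate(node):
                walk(value, f"{path}[{i}]")

    walk(json.loads(body), "")
    return hits


# Constructed sample; the structure and the 'passwd' field are assumptions.
SAMPLE_RESPONSE = json.dumps(
    {"result": [{"status": {"code": 0}, "data": {"userid": "admin", "passwd": "hunter2"}}]}
)

if __name__ == "__main__":
    print(is_affected("5.2.7"), is_affected("5.2.8"))
    print(find_cleartext_credentials(SAMPLE_RESPONSE))
```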
Fortinet thanks Pavel German for reporting this vulnerability.