Clear-text insertion of user's passwords into log files


A clear text storage of sensitive information into log file vulnerability in FortiADCManager and FortiADC may allow a remote authenticated attacker to read other local users' password in log files.

Affected Products

FortiADCManager versions 5.3.0 and below. FortiADCManager versions 5.2.1 and below. FortiADC versions 5.3.7 and below.


Please upgrade to FortiADCManager versions 5.4.0 or above. 
Please upgrade to FortiADC versions 5.4.0 or above.


Fortinet is pleased to thank Danilo Costa for reporting this vulnerability under responsible disclosure