PSIRT Advisories

FortiPortal - Device password exposure in audit log

Summary

A vulnerability involving the insertion of sensitive information into a log file [CWE-532] in the FortiPortal management interface may allow a remote authenticated attacker to read other devices' passwords on the audit log page.

Affected Products

FortiPortal version 7.0.0 through 7.0.2

Solutions

Please upgrade to FortiPortal version 7.0.3 or above.