FortiNAC - Weak password hashing method in /etc/shadow
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC may allow a local attacker with system access to retrieve users' passwords.
FortiNAC-F version 7.2.0
FortiNAC version 9.4.0 through 9.4.1
FortiNAC version 9.2.0 through 9.2.6
FortiNAC 9.1 all versions
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
Please upgrade to FortiNAC-F version 7.2.1 or above
Please upgrade to FortiNAC version 9.4.2 or above
Please upgrade to FortiNAC version 9.2.7 or above
After the upgrade, the CLI account password should be changed.
To know which accounts require a new password, the following command can be run:
grep ":\$1" /etc/shadow
Then, login to the CLI with that user and type "passwd" to change the password and update the hash.