Weak password hashing method in /etc/shadow


An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC may allow a local attacker with system access to retrieve users' passwords.

Affected Products

At least
FortiNAC-F version 7.2.0
FortiNAC version 9.4.0 through 9.4.1
FortiNAC version 9.2.0 through 9.2.6
FortiNAC 9.1 all versions
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions


Please upgrade to FortiNAC-F version 7.2.1 or above
Please upgrade to FortiNAC version 9.4.2 or above
Please upgrade to FortiNAC version 9.2.7 or above

After the upgrade, the CLI account password should be changed.
To know which accounts require a new password, the following command can be run:

grep ":\$1" /etc/shadow

Then, login to the CLI with that user and type "passwd" to change the password and update the hash.


Fortinet is pleased to thank KPN for bringing this issue to our attention under responsible disclosure.


2023-04-13: Initial publication