FortiNAC - Weak password storage
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-22-265
Final
1
1
2023-02-16T00:00:00
Current version
2023-02-16T00:00:00
2023-02-16T00:00:00
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC may allow an attacker with access to the database to perform attacks to recover the passwords.
None
Information disclosure
FortiNAC version 9.4.0 FortiNAC version 9.2.0 through 9.2.5 FortiNAC version 9.1.0 through 9.1.7 FortiNAC 8.8 all versions FortiNAC 8.7 all versions FortiNAC 8.6 all versions FortiNAC 8.5 all versions FortiNAC 8.3 all versions
Please upgrade to FortiNAC-F version 7.2.0 or above Please upgrade to FortiNAC version 9.4.1 or above Please upgrade to FortiNAC version 9.2.6 or above Please upgrade to FortiNAC version 9.1.8 or above
Internally discovered by Gwendal Guégniaud from Fortinet Product Security Team.
FortiNAC 9.4.0
FortiNAC 9.2.5
FortiNAC 9.2.4
FortiNAC 9.2.3
FortiNAC 9.2.2
FortiNAC 9.2.1
FortiNAC 9.2.0
FortiNAC 9.1.7
FortiNAC 9.1.6
FortiNAC 9.1.5
FortiNAC 9.1.4
FortiNAC 9.1.3
FortiNAC 9.1.2
FortiNAC 9.1.1
FortiNAC 9.1.0
FortiNAC 8.8.11
FortiNAC 8.8.10
FortiNAC 8.8.9
FortiNAC 8.8.8
FortiNAC 8.8.7
FortiNAC 8.8.6
FortiNAC 8.8.5
FortiNAC 8.8.4
FortiNAC 8.8.3
FortiNAC 8.8.2
FortiNAC 8.8.1
FortiNAC 8.8.0
FortiNAC 8.7.6
FortiNAC 8.7.5
FortiNAC 8.7.4
FortiNAC 8.7.3
FortiNAC 8.7.2
FortiNAC 8.7.1
FortiNAC 8.7.0
FortiNAC 8.6.5
FortiNAC 8.6.4
FortiNAC 8.6.3
FortiNAC 8.6.2
FortiNAC 8.6.1
FortiNAC 8.6.0
FortiNAC 8.5.4
FortiNAC 8.5.3
FortiNAC 8.5.2
FortiNAC 8.5.1
FortiNAC 8.5.0
FortiNAC 8.3.7
FortiNAC - Weak password storage
CVE-2022-40678
FortiNAC-9.4.0
FortiNAC-9.2.5
FortiNAC-9.2.4
FortiNAC-9.2.3
FortiNAC-9.2.2
FortiNAC-9.2.1
FortiNAC-9.2.0
FortiNAC-9.1.7
FortiNAC-9.1.6
FortiNAC-9.1.5
FortiNAC-9.1.4
FortiNAC-9.1.3
FortiNAC-9.1.2
FortiNAC-9.1.1
FortiNAC-9.1.0
FortiNAC-8.8.11
FortiNAC-8.8.10
FortiNAC-8.8.9
FortiNAC-8.8.8
FortiNAC-8.8.7
FortiNAC-8.8.6
FortiNAC-8.8.5
FortiNAC-8.8.4
FortiNAC-8.8.3
FortiNAC-8.8.2
FortiNAC-8.8.1
FortiNAC-8.8.0
FortiNAC-8.7.6
FortiNAC-8.7.5
FortiNAC-8.7.4
FortiNAC-8.7.3
FortiNAC-8.7.2
FortiNAC-8.7.1
FortiNAC-8.7.0
FortiNAC-8.6.5
FortiNAC-8.6.4
FortiNAC-8.6.3
FortiNAC-8.6.2
FortiNAC-8.6.1
FortiNAC-8.6.0
FortiNAC-8.5.4
FortiNAC-8.5.3
FortiNAC-8.5.2
FortiNAC-8.5.1
FortiNAC-8.5.0
FortiNAC-8.3.7
7.4
CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:U/RC:C
https://fortiguard.fortinet.com/psirt/FG-IR-22-265
FortiNAC - Weak password storage
Reference>