Information disclosure in Fortinet FortiAuthenticator

CVE-2015-1456

Fortinet FortiAuthenticator 3.0.0 logs the PostgreSQL usernames and passwords in cleartext, which allows remote administrators to obtain sensitive information by reading the log at debug/startup/.

Vulnerability class: Information Disclosure

EPSS: 0.003 (50.7th percentile)

Affected products

Weakness classification (CWE)

References