CVE-2017-7737 SNMPv3 user password reflected in HTML source

Summary

The HTML source code of the FortiWeb SNMPv3 user edit page in the web UI includes the user's password in cleartext.
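One way to audit a saved copy of an administrative page for this class of exposure, as an added example that is not Fortinet's code. The sample markup, field names and name hints are constructed and do not reproduce FortiWeb's page, and treating the exposure as a pre-filled input value is an assumption.

```python
from html.parser import HTMLParser

# Constructed sample markup for illustration only; NOT FortiWeb's real page.
SAMPLE_VULNERABLE = """
<form action="/hypothetical/snmp/user/edit" method="post">
  <input type="text" name="username" value="monitor">
  <input type="password" name="auth_password" value="S3cretAuthPass">
  <input type="password" name="priv_password" value="">
  <input type="hidden" name="csrf_token" value="constructed-token">
</form>
"""
# Same page with the secret no longer echoed back to the browser.
SAMPLE_FIXED = SAMPLE_VULNERABLE.replace('value="S3cretAuthPass"', 'value=""')

# Name fragments that suggest a field carries a credential (assumed heuristic).
SECRET_HINTS = ("pass", "pwd", "secret", "community", "key")


class SecretEchoFinder(HTMLParser):
    """Collects input fields whose markup carries a non-empty secret value."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag != "input":
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        name = a.get("name", "")
        value = a.get("value", "")
        kind = a.get("type", "text").lower()
        looks_secret = any(h in name.lower() for h in SECRET_HINTS)
        if value.strip() and (kind == "password" or looks_secret):
            # Record the length only, so the report never repeats the secret.
            self.findings.append((name, kind, len(value)))


def find_echoed_secrets(html_text):
    """Return (field name, input type, value length) for each echoed secret."""
    finder = SecretEchoFinder()
    finder.feed(html_text)
    finder.close()
    return finder.findings


if __name__ == "__main__":
    for name, kind, length in find_echoed_secrets(SAMPLE_VULNERABLE):
        print(f"field {name!r} (type={kind}) is pre-filled, {length} chars")
```

A password input masks its value on screen only; the value is still present in the page source, which is why the check reads the markup rather than the rendered form.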

Affected Products

FortiWeb 5.8.2 and below, down to 5.4.1.

Solutions

Upgrade to FortiWeb version 5.8.3.

Acknowledgement

Fortinet is pleased to thank Florian NIVETTE of Sysdream for reporting this vulnerability under responsible disclosure.