FortiManager Unencrypted Password Vulnerability

Summary

A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.

Affected Products

FortiManager 5.2.0 to 5.2.7, 5.4.0 and 5.4.1

Solutions

Upgrade to 5.2.8 or above.
Upgrade to 5.4.2 or above.

Acknowledgement

Fortinet thanks Pavel German for reporting this vulnerability.