FortiAnalyzer & FortiManager - Forticloud credentials observed in cleartext in the logfile
Summary
An information disclosure vulnerability [CWE-200] in FortiAnalyzer and FortiManager VM may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.
Affected Products
FortiManager version 7.0.0.
FortiManager versions 6.4.6 and below.
FortiAnalyzer version 7.0.0.
FortiAnalyzer versions 6.4.6 and below.
Solutions
Please upgrade to FortiManager version 6.4.7 or above.
Please upgrade to FortiManager version 7.0.1 or above.
Please upgrade to FortiAnalyzer version 6.4.7 or above.
Please upgrade to FortiAnalyzer version 7.0.1 or above.