PSIRT

FortiManager dvmdb/device REST API JSON password in cleartext

Summary

A cleartext transmission of sensitive information vulnerability in FortiManager may allow an unauthenticated attacker in a man in the middle position to retrieve the admin password via intercepting REST API JSON responses.

Affected Products

FortiManager 5.2.0 to 5.2.7, 5.4.0 and 5.4.1

Solutions

Upgrade to 5.2.8 or above.
Upgrade to 5.4.2 or above.

Acknowledgement

Fortinet thanks Pavel German for reporting this vulnerability.

IR Number	FG-IR-18-051
Published Date	Apr 23, 2019
Component	GUI
Severity	Low
CVSSv3 Score	4.3
Impact	Information disclosure
CVE ID	CVE-2018-1360
CVRF	Download

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

PSIRT

FortiManager dvmdb/device REST API JSON password in cleartext

Summary

Affected Products

Solutions

Acknowledgement

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

PSIRT

FortiManager dvmdb/device REST API JSON password in cleartext

Summary

Affected Products

Solutions

Acknowledgement

Threat Intelligence
Center