Summary
An information disclosure vulnerability in FortiWeb's Web Vulnerability Scan profile may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile.
Affected Products
FortiWeb version 6.2.3 and below.
FortiWeb version 6.3.4 and below.
Solutions
Please upgrade to version 6.2.4 or above.
Please upgrade to version 6.3.5 or above.
Acknowledgement
Fortinet is pleased to thank Danilo Costa for reporting this vulnerability under responsible disclosure.