Weak password hashing method in /etc/shadow
Summary
An insufficiently protected credentials vulnerability [CWE-522] in FortiNAC may allow a local attacker with system access to retrieve users' passwords.
Affected Products
At least
FortiNAC-F version 7.2.0
FortiNAC version 9.4.0 through 9.4.1
FortiNAC version 9.2.0 through 9.2.6
FortiNAC 9.1 all versions
FortiNAC 8.8 all versions
FortiNAC 8.7 all versions
Solutions
Please upgrade to FortiNAC-F version 7.2.1 or above
Please upgrade to FortiNAC version 9.4.2 or above
Please upgrade to FortiNAC version 9.2.7 or above
After the upgrade, the CLI account password should be changed.
To know which accounts require a new password, the following command can be run:
grep ":\$1" /etc/shadow
Then, login to the CLI with that user and type "passwd" to change the password and update the hash.
Acknowledgement
Fortinet is pleased to thank KPN for bringing this issue to our attention under responsible disclosure.Timeline
2023-05-03: Initial publication