PSIRT Advisory

FortiWeb SNMPv3 user password viewable in HTML source code

Summary

The HTML source code of the FortiWeb SNMPv3 user edit webui page includes the user's password in cleartext.

Impact

Information Disclosure

Affected Products

FortiWeb 5.8.2 and below until 5.4.1

Solutions

Upgrade to FortiWeb version 5.8.3

Acknowledgement

Fortinet is pleased to thank Florian NIVETTE of Sysdream for reporting this vulnerability under responsible disclosure.