Cleartext Disclosure of FortiCloud Credentials in FortiAnalyzerVM and FortiManagerVM

Cleartext Disclosure of FortiCloud Credentials in FortiAnalyzerVM and FortiManagerVM

CVE-2021-36170 · LOW Severity

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:L/I:N/A:N

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read the FortiCloud credentials which were used to activate the trial license in cleartext.

Learn more about our Cloud Audit.