Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
fortinetFortiGuard LabsFG-IR-22-447
HistoryMar 07, 2023 - 12:00 a.m.

FortiAnalyzer -- the log-fetch client request password is shown in clear text in the heartbeat response

2023-03-0700:00:00
FortiGuard Labs
www.fortiguard.com
11
fortianalyzer
log-fetch
password
exposure
vulnerability

EPSS

0.001

Percentile

35.9%

JSON

An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzer

Related

cve 1
prion 1
cvelist 1
nvd 1
cve
cve
CVE-2023-23776
2023-03-07 17:15:12
prion
prion
Design/Logic Flaw
2023-03-07 17:15:00
cvelist
cvelist
CVE-2023-23776
2023-03-07 16:04:45
nvd
nvd
CVE-2023-23776
2023-03-07 17:15:12

EPSS

0.001

Percentile

35.9%

JSON
Related for FG-IR-22-447
cve1prion1cvelist1nvd1