CVE-2023-25604: FortiGuard
An insertion of sensitive information into log file vulnerability in Fortinet FortiGuest 1.0.0 allows a local attacker to access plaintext passwords in the RADIUS logs.
**PSIRT Advisories**
FortiGuest - Password in clear text in RADIUS log
Summary
An insertion of sensitive information into log file [CWE-532] in the FortiGuest RADIUS logs may allow a local attacker to access plaintext passwords.
| Version | Affected Products | Solutions |
|---|---|---|
| FortiGuest 1.0 | 1.0 all versions | Upgrade to 1.1.0 or above |
Follow the recommended upgrade path using our tool at: https://docs.fortinet.com/upgrade-tool
Acknowledgement
Internally discovered and reported by Brian Andersen of the Fortinet CSE team.
Timeline
2023-10-10: Initial publication