Common vulnerabilities and Exposures (CVE)

Skip to main content

Required CVE Record Information

Description

A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.

CVSS 1 Total

Learn more
ScoreSeverityVersionVector String
5.2MEDIUM3.1CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:P/RL:X/RC:C

Product Status

Learn more

Versions 23 Total

Default Status: unaffected

affected

  • affected from 7.2.0 through 7.2.3 
  • affected from 7.1.0 through 7.1.1 
  • affected at 7.0.0 
  • affected from 4.2.0 through 4.2.1 
  • affected from 4.1.0 through 4.1.1 
  • affected at 4.0.0 
  • affected from 3.9.0 through 3.9.2 
  • affected at 3.8.0 
  • affected from 3.7.0 through 3.7.1 
  • affected at 3.6.0 
  • affected from 3.5.0 through 3.5.1 
  • affected at 3.4.0 
  • affected from 3.3.0 through 3.3.1 
  • affected at 3.2.0 
  • affected at 3.1.0 
  • affected at 3.0.0 
  • affected at 2.9.0 
  • affected at 2.8.0 
  • affected at 2.7.0 
  • affected at 2.6.0 
  • affected at 2.5.0 
  • affected from 2.4.0 through 2.4.1 
  • affected at 2.3.0 

Updated:

This container includes required additional information provided by the CVE Program for this vulnerability.

Authorized Data Publishers

Learn more