Insufficiently Protected Credentials

CVE-2021-36170

Severity Low
Score 3.2/10

Summary

An information disclosure vulnerability [CWE-200] in FortiAnalyzerVM and FortiManagerVM versions 7.0.0 and 6.4.6 and below may allow an authenticated attacker to read, in cleartext, the FortiCloud credentials that were used to activate the trial license.

  • LOW
  • LOCAL
  • NONE
  • CHANGED
  • NONE
  • HIGH
  • LOW
  • NONE

CWE-522 - Insufficiently Protected Credentials

The product transmits or stores authentication credentials, but it uses an insecure method that is susceptible to unauthorized interception and/or retrieval.

References

Advisory Timeline

  • Published