First published: Wed Sep 13 2023
A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3 may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.
Credit: psirt@fortinet.com
Affected Software | Affected Version | How to fix |
---|---|---|
Fortinet FortiTester | >=2.3.0, <=7.2.3 | Please upgrade to FortiTester version 7.3.0 or above |
The vulnerability ID for this issue is CVE-2023-40715.
The title of this vulnerability is 'A cleartext storage of sensitive information vulnerability [CWE-312] in FortiTester 2.3.0 through 7.2.3.'
The severity of CVE-2023-40715 is medium, with a severity value of 5.5.
This vulnerability may allow an attacker with access to the DB contents to retrieve the plaintext password of external servers configured in the device.
To fix this vulnerability, it is recommended to update FortiTester to a version that is above 7.2.3.