CVE-2023-23776
07.03.2023, 17:15
An exposure of sensitive information to an unauthorized actor [CWE-200] vulnerability in FortiAnalyzer versions 7.2.0 through 7.2.1, 7.0.0 through 7.0.4 and 6.4.0 through 6.4.10 may allow a remote authenticated attacker to read the client machine password in plain text in a heartbeat response when a log-fetch request is made from the FortiAnalyzerEnginsight
| Vendor | Product | Version |
|---|---|---|
| fortinet | fortianalyzer | 6.4.0 ≤ 𝑥 < 6.4.11 |
| fortinet | fortianalyzer | 7.0.0 ≤ 𝑥 < 7.0.5 |
| fortinet | fortianalyzer | 7.2.0 ≤ 𝑥 < 7.2.2 |
𝑥
= Vulnerable software versions
Common Weakness Enumeration
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
- CWE-312 - Cleartext Storage of Sensitive InformationThe product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.