FortiWeb SNMPv3 user password viewable in HTML source code
Summary
The HTML source code of the FortiWeb SNMPv3 user edit webui page includes the user's password in cleartext.
Affected Products
FortiWeb 5.8.2 and below until 5.4.1.Solutions
Upgrade to FortiWeb version 5.8.3Acknowledgement
Fortinet is pleased to thank Florian NIVETTE of Sysdream for reporting this vulnerability under responsible disclosure.