CVE-2021-24024

Name of the Vulnerable Software and Affected Versions FortiADCManager versions 5.3.0 and below FortiADCManager version 5.2.1 and below FortiADC versions 5.3.7 and below

Description The issue is related to the storage of sensitive information in clear text in log files. This may allow a remote authenticated attacker to read other local users' passwords from the log files. The vulnerability is associated with the web management tool of the FortiADC Manager application controller.

Recommendations For FortiADCManager versions 5.3.0 and below, consider restricting access to log files until a fix is available. For FortiADCManager version 5.2.1 and below, restrict access to log files to minimize the risk of exploitation. For FortiADC versions 5.3.7 and below, avoid using the web management tool for sensitive operations until the issue is resolved. As a temporary workaround, consider disabling the logging of sensitive information in the FortiADC Manager and FortiADC until a patch is available.