PT-2023-1544 · Fortinet · FortiPortal

Published: 2023-02-16 · Updated: 2023-02-25 · CVE-2022-43954

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiPortal versions 7.0.0 through 7.0.2

Description

The issue is related to an insertion of sensitive information into log files, which may allow a remote authenticated attacker to read other devices' passwords in the audit log page. This is due to insufficient protection of registration data. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. The vulnerability is related to the FortiPortal management interface, where a remote authenticated attacker may gain access to information about account passwords.

Recommendations

For FortiPortal versions 7.0.0 through 7.0.2, consider restricting access to the audit log page until a patch is available. As a temporary workaround, avoid using the FortiPortal management interface for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Insertion into Log File

Related Identifiers

BDU:2023-00995
CVE-2022-43954

Affected Products

FortiPortal