PT-2023-5207 · Fortinet · FortiTester

Published 2023-08-21 · Updated 2023-09-15 · CVE-2023-40715

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

FortiTester versions 2.3.0 through 7.2.3

Description

A cleartext storage of sensitive information issue may allow an attacker with access to the database contents to retrieve the plaintext password of external servers configured in the device. This issue is related to the storage of confidential information in an unencrypted manner, which could permit an unauthorized party to gain access to protected information.

Recommendations

For FortiTester versions 2.3.0 through 7.2.3, consider restricting access to the database contents to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit the configuration of external servers in the device to reduce the potential impact. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Cleartext Storage of Sensitive Information

Related Identifiers

BDU:2023-05813
CVE-2023-40715

Affected Products

FortiTester