SynopsisThe remote host is affected by a information disclosure vulnerability.
DescriptionThe version of FortiManager running on the remote device is 5.2.x and prior to 5.2.8 or 5.4.x and prior to 5.4.2. It is, therefore, affected by an information disclosure vulnerability due to a cleartext transmission of sensitive information in the REST API json responses. A user performing a man in the middle attack would be able to retrieve the admin password.
SolutionUpgrade to Fortinet FortiManager version 5.2.8 / 5.4.2 or later.