all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

FortiSIEM - Encrypted password stored in logs

Add to bookmarks
Nov. 14, 2023, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

An insertion of sensitive information into log file vulnerability [CWE-532] in FortiSIEM may allow an authenticated user to view an encrypted ElasticSearch password via debug log files generated when FortiSIEM is configured with ElasticSearch Event Storage.

cwe debug elasticsearch encrypted event file files fortisiem generated information log log files logs may password sensitive sensitive information storage vulnerability

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiMail - User can see and modify address book folders title of other users 3 weeks, 1 day ago | fortiguard.fortinet.com
address attacker authorization book +8
FortiClient (Windows) - DLL Hijacking via openssl.cnf 3 weeks, 1 day ago | fortiguard.fortinet.com
attack attacker cwe dll +14
FortiMail - Login mechanism without rate limitation 3 weeks, 1 day ago | fortiguard.fortinet.com
attack attacker authentication brute +10
FortiOS & FortiProxy - DOS in headers management 3 weeks, 1 day ago | fortiguard.fortinet.com
attack attacker cwe device +13
FortiADC & FortiDDoS-F - CORS: arbitrary origin trusted 3 weeks, 1 day ago | fortiguard.fortinet.com
actions api attacker cors +15
FortiClient (Windows) - Arbitrary file deletion from unprivileged users 3 weeks, 1 day ago | fortiguard.fortinet.com
attacker authorization cwe deletion +9
FortiClient for Windows - Hardcoded credentials in vcm2.exe 3 weeks, 1 day ago | fortiguard.fortinet.com
attacker bypass credentials cwe +8
FortiEDRCollector (Windows) - Protection may be disabled by local attacker 3 weeks, 1 day ago | fortiguard.fortinet.com
access access control attacker control +15
FortiManager & FortiAnalyzer - Use of hardcoded credentials in fmgsvrd 3 weeks, 1 day ago | fortiguard.fortinet.com
access attacker credentials cwe +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Security Specialist

@ Protect Democracy | Remote, US
View on infosec-jobs.com

Sr Staff Software Engineer (L7- Network Security)

@ Palo Alto Networks | Santa Clara, CA, United States
View on infosec-jobs.com

Cyber Threat Analyst, Senior

@ ManTech | 221BQ - Cstmr Site,Springfield,VA
View on infosec-jobs.com

Security Architect

@ Netcompany | Birmingham, United Kingdom
View on infosec-jobs.com

Sr. Security Architect

@ Datavant | Remote, United States
View on infosec-jobs.com

Cybersecurity Services Sales Executive

@ Rockwell Automation | United States of America Milwaukee (South 2nd Street)
View on infosec-jobs.com
View more jobs