Fortinet Discloses Cleartext Password Exposure in FortiMail, FortiVoice, and FortiRecorder Debug Logs
Fortinet has disclosed a cleartext storage vulnerability in debug logs of FortiMail, FortiVoice, and FortiRecorder that allows an authenticated administrator to extract plaintext user secrets via CLI commands.
Fortinet has disclosed a cleartext storage of sensitive information vulnerability (CWE-312) in the debug logs of FortiMail, FortiVoice, and FortiRecorder. The flaw, assigned a CVSS score of 3.8, allows an authenticated malicious administrator to obtain user secrets via CLI commands. The advisory was revised on March 10, 2026, and patches are available for most affected versions.
The vulnerability stems from the insecure storage of plaintext passwords in debug logs. An attacker with administrative access to the affected devices can leverage CLI commands to extract sensitive credentials that were inadvertently logged. This issue affects multiple versions of FortiMail, FortiVoice, and FortiRecorder, with specific version ranges detailed in the advisory.
FortiMail versions 7.6.0 through 7.6.2, 7.4.0 through 7.4.4, 7.2.0 through 7.2.7, and 7.0.0 through 7.0.8 are vulnerable. Users are advised to upgrade to FortiMail 7.6.3, 7.4.5, 7.2.8, or 7.0.9 respectively. FortiRecorder versions 7.2.0 through 7.2.3 are affected, with a fix available in 7.2.4; versions 7.0 and 6.4 are end-of-life and require migration to a supported release. FortiVoice versions 7.2.0 and 7.0.0 through 7.0.6 are vulnerable, with patches in 7.2.1 and 7.0.7; version 7.4 is not affected.
The vulnerability was discovered during an independent audit commissioned by Fortinet. While the CVSS score is relatively low due to the requirement for administrative access, the exposure of plaintext secrets could facilitate lateral movement or privilege escalation within an organization's network. Fortinet has not reported any active exploitation in the wild.
This disclosure follows a pattern of similar issues in Fortinet products. In recent months, Fortinet patched a hardcoded encryption key in FortiClient Windows that allowed local attackers to decrypt VPN passwords. The company has also addressed other debug log exposure issues in the past, highlighting the ongoing challenge of preventing sensitive data leakage in logging mechanisms.
Organizations using affected Fortinet products should prioritize patching to mitigate the risk. As a best practice, administrators should review debug log configurations and ensure that sensitive information is not inadvertently recorded. Fortinet's advisory provides detailed upgrade instructions for each product line.