The vulnerability of the Scan Profile component of the FortiWeb web application vulnerability scanning module allows a hacker to obtain user credentials.

The vulnerability of the Scan Profile component of the FortiWeb web application vulnerability scanning module is related to insufficient protection of user credentials. Exploiting this vulnerability can allow a malicious actor to obtain user credentials remotely...

CVE-2020-15942

An information disclosure vulnerability in Web Vulnerability Scan profile of Fortinet's FortiWeb version 6.2.x below 6.2.4 and version 6.3.x below 6.3.5 may allow a remote authenticated attacker to read the password used by the FortiWeb scanner to access the device defined in the scan profile...