FortiMail 5.0.3 through 5.2.3 allows remote administrators to obtain credentials via the “diag debug application httpd” command.