virus logo PSIRT

FortiClient Unencrypted Password Vulnerability

Summary

One of the processes in FortiClient stores VPN credentials unencrypted in memory. A malicious attacker who compromised the workstation could dump the credentials.

description-logo Description

One of the processes in FortiClient stores VPN credentials unencrypted in memory. A malicious attacker who compromised the workstation could dump the credentials.

Impact Detail

NOT RENDERED BY THE CMS

Affected Products

FortiClient 5.4.0 and below

Solutions

Upgrade to FortiClient 5.4.1  

Acknowledgement

Fortinet is pleased to thank Alexander Korznikov for reporting this vulnerability under responsible disclosure.    

IR Number FG-IR-16-021
Published Date Sep 12, 2016
Severity Low
Known Exploited No
Impact Credentials exposure.
Download

CVRF