Summary
A cleartext storage of sensitive information vulnerability in the FortiProxy command line interface may allow an authenticated attacker to obtain sensitive information, such as VPN users' passwords, by connecting to the FortiProxy CLI and executing the "diagnose sys ha checksum show" command.
Affected Products
FortiProxy version 2.0.0.
FortiProxy versions 1.2.9 and below.
FortiProxy versions 1.1.6 and below.
FortiProxy versions 1.0.7 and below.
Solutions
Please upgrade to FortiProxy version 2.0.1 or above.
Please upgrade to FortiProxy version 1.2.10 or above.
Acknowledgement
Fortinet is pleased to thank Shaun Farrow for reporting this vulnerability under responsible disclosure.