FortiClient Unencrypted Password Vulnerability Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-16-021 Final 1 1 2016-09-12T00:00:00 Current version 2016-09-12T00:00:00 2016-09-12T00:00:00 One of the processes in FortiClient stores VPN credentials unencrypted in memory. A malicious attacker who compromised the workstation could dump the credentials. One of the processes in FortiClient stores VPN credentials unencrypted in memory. A malicious attacker who compromised the workstation could dump the credentials. Credentials exposure. FortiClient 5.4.0 and below Upgrade to FortiClient 5.4.1  Fortinet is pleased to thank Alexander Korznikov for reporting this vulnerability under responsible disclosure.   https://fortiguard.fortinet.com/psirt/FG-IR-16-021 FortiClient Unencrypted Password Vulnerability Reference>