Password is sent to Client side Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-18-027 Final 1 1 2018-06-22T00:00:00 Current version 2018-06-22T00:00:00 2018-06-22T00:00:00 An information disclosure vulnerability exists in the SSL-VPN webportal of FortiOS: when pages bookmarked in the webportal use the Single sign-on (SSO) feature, the user's webportal's login and password are included in a javascript file sent client-side.The leaked credential may potentially be captured by an attacker if additional session handling, access control or cross-site scripting vulnerabilities were to be discovered in the SSL-VPN webportal, or in the applications within (or in case of client-side vulnerabilities, in the user's browser). Information disclosure FortiOS 6.0.0 and below versions Upgrade to FortiOS 5.6.6, 6.0.1 or versions after 6.0.1Workaround:Avoid using the SSO feature in FortiOS SSL VPN bookmarks, especially if the applications inside the SSL VPN webportal are untrusted. Fortinet is pleased to thank Stephan Neidhardt - link protect GmbH reporting this vulnerability under responsible disclosure. CVE-2018-9185 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-18-027 Password is sent to Client side Reference>