Credentials can be dumped from memory

Credentials can be dumped from memory Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-23-278 Final 1 1 2024-12-18T00:00:00 Current version 2024-12-18T00:00:00 2025-04-22T00:00:00 A Cleartext Storage of Sensitive Information vulnerability [CWE-312] in FortiClient Windows and FortiClient Linux may permit a local authenticated user to retrieve VPN password via memory dump, due to JavaScript's garbage collector None Information disclosure None https://fortiguard.fortinet.com/psirt/FG-IR-23-278 Credentials can be dumped from memory https://docs.fortinet.com/document/forticlient/7.4.1/xml-reference-guide/56173 https://docs.fortinet.com/document/forticlient/7.4.1/xml-reference-guide/56173 https://docs.fortinet.com/document/forticlient/7.4.1/ems-administration-guide/682498/remote-access https://docs.fortinet.com/document/forticlient/7.4.1/ems-administration-guide/682498/remote-access Fortinet is pleased to thank Efstratios Chatzoglou, Vyron Kampourakis, Zisis Tsiatsikas, Georgios Karopoulos, and Georgios Kambourakis from the University of the Aegean and the Norwegian University of Science and Technology, and Hassan Al-Khafaji from NourNet for reporting this vulnerability under responsible disclosure. FortiClientLinux 7.4.2 FortiClientLinux 7.4.1 FortiClientLinux 7.4.0 FortiClientLinux 7.2.7 FortiClientLinux 7.2.6 FortiClientLinux 7.2.5 FortiClientLinux 7.2.4 FortiClientLinux 7.2.3 FortiClientLinux 7.2.2 FortiClientLinux 7.2.1 FortiClientLinux 7.2.0 FortiClientLinux 7.0.13 FortiClientLinux 7.0.12 FortiClientLinux 7.0.11 FortiClientLinux 7.0.10 FortiClientLinux 7.0.9 FortiClientLinux 7.0.8 FortiClientLinux 7.0.7 FortiClientLinux 7.0.6 FortiClientLinux 7.0.5 FortiClientLinux 7.0.4 FortiClientLinux 7.0.3 FortiClientLinux 7.0.2 FortiClientLinux 7.0.1 FortiClientLinux 7.0.0 FortiClientWindows 7.4.1 FortiClientWindows 7.4.0 FortiClientWindows 7.2.6 FortiClientWindows 7.2.5 FortiClientWindows 7.2.4 FortiClientWindows 7.2.3 FortiClientWindows 7.2.2 FortiClientWindows 7.2.1 FortiClientWindows 7.2.0 FortiClientWindows 7.0.13 FortiClientWindows 7.0.12 FortiClientWindows 7.0.11 FortiClientWindows 7.0.10 FortiClientWindows 7.0.9 FortiClientWindows 7.0.8 FortiClientWindows 7.0.7 FortiClientWindows 7.0.6 FortiClientWindows 7.0.5 FortiClientWindows 7.0.4 FortiClientWindows 7.0.3 FortiClientWindows 7.0.2 FortiClientWindows 7.0.1 FortiClientWindows 7.0.0 Credentials can be dumped from memory CVE-2024-50570 FortiClientLinux-7.4.2 FortiClientLinux-7.4.1 FortiClientLinux-7.4.0 FortiClientLinux-7.2.7 FortiClientLinux-7.2.6 FortiClientLinux-7.2.5 FortiClientLinux-7.2.4 FortiClientLinux-7.2.3 FortiClientLinux-7.2.2 FortiClientLinux-7.2.1 FortiClientLinux-7.2.0 FortiClientLinux-7.0.13 FortiClientLinux-7.0.12 FortiClientLinux-7.0.11 FortiClientLinux-7.0.10 FortiClientLinux-7.0.9 FortiClientLinux-7.0.8 FortiClientLinux-7.0.7 FortiClientLinux-7.0.6 FortiClientLinux-7.0.5 FortiClientLinux-7.0.4 FortiClientLinux-7.0.3 FortiClientLinux-7.0.2 FortiClientLinux-7.0.1 FortiClientLinux-7.0.0 FortiClientWindows-7.4.1 FortiClientWindows-7.4.0 FortiClientWindows-7.2.6 FortiClientWindows-7.2.5 FortiClientWindows-7.2.4 FortiClientWindows-7.2.3 FortiClientWindows-7.2.2 FortiClientWindows-7.2.1 FortiClientWindows-7.2.0 FortiClientWindows-7.0.13 FortiClientWindows-7.0.12 FortiClientWindows-7.0.11 FortiClientWindows-7.0.10 FortiClientWindows-7.0.9 FortiClientWindows-7.0.8 FortiClientWindows-7.0.7 FortiClientWindows-7.0.6 FortiClientWindows-7.0.5 FortiClientWindows-7.0.4 FortiClientWindows-7.0.3 FortiClientWindows-7.0.2 FortiClientWindows-7.0.1 FortiClientWindows-7.0.0 4.9 CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-23-278 Credentials can be dumped from memory Reference> https://docs.fortinet.com/document/forticlient/7.4.1/xml-reference-guide/56173 https://docs.fortinet.com/document/forticlient/7.4.1/xml-reference-guide/56173 https://docs.fortinet.com/document/forticlient/7.4.1/ems-administration-guide/682498/remote-access https://docs.fortinet.com/document/forticlient/7.4.1/ems-administration-guide/682498/remote-access