FortiTray stores the SSLVPN password in cleartext
Summary
An exposure of sensitive information to an unauthorized actor vulnerability [CWE-200] in FortiClient for Mac may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext by streaming the macOS unified log for the FortiTray process from the terminal (for example with the `log stream` command).
Version | Affected | Solution |
---|---|---|
FortiClientMac 7.0 | 7.0.0 through 7.0.5 | Upgrade to 7.0.6 or above |
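As an added check for this advisory (example code, not Fortinet's), the script below tests an installed FortiClientMac version against the affected range in the table above (7.0.0 through 7.0.5) and filters unified-log output for FortiTray entries that mention a password. The Info.plist path and the CFBundleShortVersionString key are assumptions about where the version is recorded; the sample log lines are constructed for illustration and do not reproduce FortiTray's real log format.

```shell
#!/bin/sh
# Added example for the FortiTray cleartext-password advisory; not Fortinet's code.
# - is_affected: version check against the advisory's range 7.0.0 through 7.0.5
# - scan_for_password: filter for FortiTray log lines that mention a password
# The plist path/key below are assumptions; the sample log lines are constructed.

# is_affected VERSION: exit 0 when VERSION is 7.0.0 through 7.0.5, else 1.
# Extra build fields such as "7.0.5.0245" are ignored. Anything that is not a
# 7.0.x release, or whose patch field is missing or non-numeric, is reported
# as not affected, so "7.0" alone is rejected rather than guessed.
is_affected() {
  major=$(printf '%s\n' "$1" | cut -d. -f1)
  minor=$(printf '%s\n' "$1" | cut -d. -f2)
  patch=$(printf '%s\n' "$1" | cut -d. -f3)
  [ "$major" = 7 ] && [ "$minor" = 0 ] || return 1
  case "$patch" in
    ''|*[!0-9]*) return 1 ;;
  esac
  [ "$patch" -le 5 ]
}

# scan_for_password: read log lines on stdin, print FortiTray lines mentioning
# a password. On a Mac, feed it the live unified log:
#   log stream --process FortiTray --style syslog | scan_for_password
scan_for_password() {
  grep -i 'FortiTray' | grep -i 'password'
}

# Constructed sample lines (NOT real FortiTray output) to exercise the scanner:
# one benign FortiTray line, one leaking line, one unrelated process line.
SAMPLE_LOG='2022-01-01 10:00:00 FortiTray[512]: connecting to vpn.example.test
2022-01-01 10:00:01 FortiTray[512]: user=alice password=hunter2
2022-01-01 10:00:02 loginwindow[77]: password prompt shown'

main() {
  # Assumed location of the installed version on macOS; skipped elsewhere.
  plist=/Applications/FortiClient.app/Contents/Info.plist
  if [ -f "$plist" ]; then
    ver=$(defaults read "$plist" CFBundleShortVersionString)
    if is_affected "$ver"; then
      echo "FortiClientMac $ver is affected; upgrade to 7.0.6 or above"
    else
      echo "FortiClientMac $ver is outside the affected range"
    fi
  fi
  echo "Scanner demo on constructed lines:"
  printf '%s\n' "$SAMPLE_LOG" | scan_for_password
}

main
```

Run the scanner against the live `log stream` only while you actually connect the VPN, and avoid passing the real password to grep as a pattern: matching on the field name keeps the secret out of shell history and process listings.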
Acknowledgement
Fortinet is pleased to thank Pavel Bondarenko for reporting this vulnerability under responsible disclosure.
Workaround
- Disable the "Save Password" setting, either in the FortiGate SSL-VPN settings or in FortiClientMac.