PSIRT

Multiple VPN applications insecurely store session cookies

Summary

The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only if endpoint device has been compromised in such a way that the attacker has access to FortiClient's debug logs or memory space. Furthermore,Â practical use of the stolen cookie requires the attacker to spoof the endpoint's IP address.

Affected Products

FortiClient for Windows (6.2.0 and earlier)
FortiClient for Mac OSX (6.2.0 and earlier)

Solutions

Fortigate by default mitigates the session cookie misuse by verifying the source IP of client's request. As a precautionary measure, please upgrade to upcoming:
FortiClient for Windows 6.2.1
FortiClient for Mac OSX 6.2.1

References

https://www.kb.cert.org/vuls/id/192371/

IR Number	FG-IR-19-110
Date	Apr 23, 2019
Severity	Low
CVSSv3 Score	4
Impact	Exploiting the stolen session cookie may consist in an attacker replaying the cookie and gain access to user's VPN session or loging out the user itself
CVRF	Download

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

PSIRT

Multiple VPN applications insecurely store session cookies

Summary

Affected Products

Solutions

References

News/Research

Research Center

PSIRT Center

Services

By Outbreak

By Solution

By Product

Protect

Detect

Respond

Recover

Identify

Network Security

Endpoint Security

Application Security

Security Operations

Threat Intelligence Center

Resource Center

About

FortiGuard Labs

Partners

PSIRT

Multiple VPN applications insecurely store session cookies

Summary

Affected Products

Solutions

References

Threat Intelligence
Center