PSIRT Advisory

FortiOS SSL VPN user credential plaintext storage

Summary

A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.


To successfully exploit this weakness, another unrelated weakness (eg: a system file leaking vulnerability) would therefore need to be exploited first.

Impact

Information Disclosure

Affected Products

FortiOS 6.2.0 to 6.2.2, 6.0.9 and below

Solutions

Upgrade to FortiOS 6.0.10 or 6.2.3 or above


Revision History:
2020-01-27 Initial Version
2020-06-26 New fix on 6.0.10 released.