PSIRT

FortiTray stores the SSLVPN password in cleartext

Summary

An exposure of sensitive information to an unauthorized actor vulnerabiltiy [CWE-200] in FortiClient for Mac may allow a local authenticated attacker to obtain the SSL-VPN password in cleartext via running a logstream for the FortiTray process in the terminal.

Version	Affected	Solution
FortiClientMac 7.0	7.0.0 through 7.0.5	Upgrade to 7.0.6 or above
FortiClientMac 6.4	Not affected	Not Applicable
FortiClientMac 6.2	Not affected	Not Applicable

Acknowledgement

Fortinet is pleased to thank Pavel Bondarenko for reporting this vulnerability under responsible disclosure.

Timeline

2022-11-01: Initial publication

References

Disable "Save Password" setting either on FortiGate SSLVPN settings or in FortiClientMAC

IR Number	FG-IR-22-246
Published Date	Nov 1, 2022
Component	SSL-VPN
Severity	Low
Discovered	Internal
Attack Type	Authenticated
Known Exploited	No
CVSSv3 Score	2.2
Impact	Information disclosure
CVE ID
Download	CVRF CSAF

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

PSIRT

FortiTray stores the SSLVPN password in cleartext

Summary

Acknowledgement

Timeline

References

Research Center

Services

Protect

Detect

Respond

Recover

Identify

Network Security

Cloud & Application Security

Endpoint Security

Security Operations

Threat Intelligence Center

Support Center

Resource Center

About

PSIRT

FortiTray stores the SSLVPN password in cleartext

Summary

Acknowledgement

Timeline

References

Threat Intelligence
Center