PSIRT Advisories

FortiClient Unencrypted Password Vulnerability

Summary

One of the processes in FortiClient stores VPN credentials unencrypted in memory. An attacker who has compromised the workstation could dump the credentials from that process's memory.

Affected Products

FortiClient 5.4.0 and below

Solutions

Upgrade to FortiClient 5.4.1.

Acknowledgement

Fortinet is pleased to thank Alexander Korznikov for reporting this vulnerability under responsible disclosure.