FortiOS SSL VPN user credential plaintext storage
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.
To successfully exploit this weakness, another unrelated weakness (eg: a system file leaking vulnerability) would therefore need to be exploited first.
FortiOS 6.2.0 to 6.2.2, 6.0.9 and below, 5.6.13 and below.
Upgrade to FortiOS 6.0.10 or 6.2.3 or 5.6.14 or above
2020-01-27 Initial Version
2020-06-26 New fix on 6.0.10 released.
2021-07-29 New fix on 5.6.14 released