PSIRT Advisories

FortiOS SSL VPN user credential plaintext storage
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.

To successfully exploit this weakness, an attacker would therefore first need to exploit another, unrelated weakness (e.g. a vulnerability that discloses system files) in order to read the session file.

Affected Products

FortiOS 6.2.0 to 6.2.2, 6.0.9 and below, 5.6.13 and below.

Solutions

Upgrade to FortiOS 5.6.14, 6.0.10 or 6.2.3 or above.

Revision History:
2020-01-27 Initial version.
2020-06-26 New fix on 6.0.10 released.
2021-07-29 New fix on 5.6.14 released.