Multiple VPN applications insecurely store session cookies
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-110
Final
1
1
2019-04-23T00:00:00
Current version
2019-04-23T00:00:00
2019-04-23T00:00:00
The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access the VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookie only if the endpoint device has been compromised in such a way that the attacker has access to FortiClient's debug logs or memory space. Furthermore, practical use of the stolen cookie requires the attacker to spoof the endpoint's IP address.
Exploiting the stolen session cookie may consist of an attacker replaying the cookie to gain access to the user's VPN session or to log the user out.
FortiClient for Windows (6.2.0 and earlier)
FortiClient for Mac OSX (6.2.0 and earlier)
FortiGate by default mitigates session cookie misuse by verifying the source IP of the client's request. As a precautionary measure, please upgrade to the upcoming:
FortiClient for Windows 6.2.1
FortiClient for Mac OSX 6.2.1
https://fortiguard.fortinet.com/psirt/FG-IR-19-110
Multiple VPN applications insecurely store session cookies
https://www.kb.cert.org/vuls/id/192371/
4
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X