FortiOS SSL VPN user credential plaintext storage
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-217
Final
1
1
2021-09-07T00:00:00
Current version
2021-09-07T00:00:00
2021-09-07T00:00:00
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN may allow an attacker to retrieve a logged-in SSL VPN user's credentials, should that attacker be able to read the session file stored on the targeted device's file system. To successfully exploit this weakness, another, unrelated weakness (e.g. a system-file leaking vulnerability) would therefore need to be exploited first.
Information Disclosure
FortiOS 6.2.0 to 6.2.2, 6.0.9 and below, 5.6.13 and below.
Upgrade to FortiOS 6.0.10 or above, 6.2.3 or above, or 5.6.14 or above.
Revision History:
2020-01-27 Initial Version
2020-06-26 New fix on 6.0.10 released.
2021-07-29 New fix on 5.6.14 released.
https://fortiguard.fortinet.com/psirt/FG-IR-19-217
FortiOS SSL VPN user credential plaintext storage
https://blog.orange.tw/2019/08/attacking-ssl-vpn-part-2-breaking-the-fortigate-ssl-vpn.html
FortiOS 6.2.2
FortiOS 6.2.1
FortiOS 6.2.0
FortiOS 6.0.9
FortiOS 6.0.8
FortiOS 6.0.7
FortiOS 6.0.6
FortiOS 6.0.5
FortiOS 6.0.4
FortiOS 6.0.3
FortiOS 6.0.2
FortiOS 6.0.1
FortiOS 6.0.0
FortiOS 5.6.13
FortiOS 5.6.12
FortiOS 5.6.11
FortiOS 5.6.10
FortiOS 5.6.9
FortiOS 5.6.8
FortiOS 5.6.7
FortiOS 5.6.6
FortiOS 5.6.5
FortiOS 5.6.4
FortiOS 5.6.3
FortiOS 5.6.2
FortiOS 5.6.1
FortiOS 5.6.0
FortiOS 5.4.13
FortiOS 5.4.12
FortiOS 5.4.11
FortiOS 5.4.10
FortiOS 5.4.9
FortiOS 5.4.8
FortiOS 5.4.7
FortiOS 5.4.6
FortiOS 5.4.5
FortiOS 5.4.4
FortiOS 5.4.3
FortiOS 5.4.2
FortiOS 5.4.1
FortiOS 5.4.0
FortiOS 5.2.15
FortiOS 5.2.14
FortiOS 5.2.13
FortiOS 5.2.12
FortiOS 5.2.11
FortiOS 5.2.10
FortiOS 5.2.9
FortiOS 5.2.8
FortiOS 5.2.7
FortiOS 5.2.6
FortiOS 5.2.5
FortiOS 5.2.4
FortiOS 5.2.3
FortiOS 5.2.2
FortiOS 5.2.1
FortiOS 5.2.0
FortiOS SSL VPN user credential plaintext storage
CVE-2019-17655
FortiOS-6.2.2
FortiOS-6.2.1
FortiOS-6.2.0
FortiOS-6.0.9
FortiOS-6.0.8
FortiOS-6.0.7
FortiOS-6.0.6
FortiOS-6.0.5
FortiOS-6.0.4
FortiOS-6.0.3
FortiOS-6.0.2
FortiOS-6.0.1
FortiOS-6.0.0
FortiOS-5.6.13
FortiOS-5.6.12
FortiOS-5.6.11
FortiOS-5.6.10
FortiOS-5.6.9
FortiOS-5.6.8
FortiOS-5.6.7
FortiOS-5.6.6
FortiOS-5.6.5
FortiOS-5.6.4
FortiOS-5.6.3
FortiOS-5.6.2
FortiOS-5.6.1
FortiOS-5.6.0
FortiOS-5.4.13
FortiOS-5.4.12
FortiOS-5.4.11
FortiOS-5.4.10
FortiOS-5.4.9
FortiOS-5.4.8
FortiOS-5.4.7
FortiOS-5.4.6
FortiOS-5.4.5
FortiOS-5.4.4
FortiOS-5.4.3
FortiOS-5.4.2
FortiOS-5.4.1
FortiOS-5.4.0
FortiOS-5.2.15
FortiOS-5.2.14
FortiOS-5.2.13
FortiOS-5.2.12
FortiOS-5.2.11
FortiOS-5.2.10
FortiOS-5.2.9
FortiOS-5.2.8
FortiOS-5.2.7
FortiOS-5.2.6
FortiOS-5.2.5
FortiOS-5.2.4
FortiOS-5.2.3
FortiOS-5.2.2
FortiOS-5.2.1
FortiOS-5.2.0
4.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:X/RC:X