FortiClient Unencrypted Password Vulnerability
Summary
One of the processes in FortiClient stores VPN credentials unencrypted in memory. A malicious attacker who compromised the workstation could dump the credentials.
Description
One of the processes in FortiClient stores VPN credentials unencrypted in memory. A malicious attacker who compromised the workstation could dump the credentials.
Impact Detail
NOT RENDERED BY THE CMS
Affected Products
FortiClient 5.4.0 and below
Solutions
Upgrade to FortiClient 5.4.1 Â
Acknowledgement
Fortinet is pleased to thank Alexander Korznikov for reporting this vulnerability under responsible disclosure. Â Â