
Updates released by Fortinet for its FortiClient product patch a serious information disclosure vulnerability that can be exploited to obtain VPN authentication credentials.

FortiClient is a next-generation endpoint protection product that includes web filtering, application firewall, vulnerability assessment, anti-malware, and SSL and IPsec VPN features for desktop and mobile systems running Windows, macOS, Linux, Android and iOS.

Researchers at SEC Consult have discovered a couple of issues that can be exploited to access VPN authentication credentials associated with the product.

One of the problems is related to the fact that the VPN credentials are stored in a configuration file (on Linux and macOS) and in the registry (on Windows) – locations that are easily accessible.

The second issue is that while the credentials are stored in an encrypted form, the decryption key is hardcoded in the application and it is the same across all installations. An attacker can easily find the encrypted passwords and decrypt them using the hardcoded key.

“The vulnerabilities are mostly problematic in an enterprise environment where the VPN is often authenticated against domain accounts,” Johannes Greil, head of the SEC Consult Vulnerability Lab, told SecurityWeek. “(Internal) attackers with valid domain credentials can then harvest all credentials of all other VPN users and gain access to their domain user account (e.g.

SEC Consult has created a proof-of-concept (PoC) tool that exploits the vulnerability to recover passwords, but it will only be made public after users have had a chance to update their FortiClient installations.

Upgrade to released together with FortiOS 5.4.7
Upgrade to released together with FortiOS 6.0.0

A scheduled upgrade to the resolved versions is strongly recommended to maximize security protection. When a FortiClient upgrade is temporarily not feasible, it is suggested to disable the FortiClient "Save Password" feature from FortiOS; end users need to stop using this option on FortiClient and change their passwords right after that. To ensure any cached credentials are removed from the operating system, performing a FortiClient uninstall and reinstall is also recommended.
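To illustrate the hardcoded-key issue described above, here is an added example (constructed for this page, not FortiClient's code or its actual storage format): a credential blob protected with an application-wide key can be decrypted by anyone who has a copy of the application, whereas a key derived from a per-user secret the operating system keeps (Windows DPAPI, for instance, modelled here by a dict) leaves a copied blob unreadable from another account. The HMAC-based keystream, the key-derivation parameters and the keystore model are assumptions of this illustration.

```python
"""Hardcoded installation-wide key versus a per-user derived key for stored
VPN credentials.  Constructed illustration; the cipher construction and the
dict standing in for an OS keystore (e.g. DPAPI) are this example's own."""
import hashlib
import hmac
import os
from typing import Optional

# A key baked into every copy of an application: anyone with the binary has it,
# so it is an obfuscation key, not a secret.  (Constructed value.)
HARDCODED_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """HMAC-SHA256 run in counter mode as a keystream; encrypts and decrypts."""
    out = bytearray()
    for block, offset in enumerate(range(0, len(data), 32)):
        ks = hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], ks))
    return bytes(out)


def store_with_hardcoded_key(password: str) -> bytes:
    """The flawed design: every installation encrypts under the same key."""
    nonce = os.urandom(16)
    return nonce + keystream_xor(HARDCODED_KEY, nonce, password.encode())


def recover_from_any_install(blob: bytes) -> str:
    """What any other user or host can do once it has the blob: the key is
    identical everywhere, so the stored credential decrypts directly."""
    return keystream_xor(HARDCODED_KEY, blob[:16], blob[16:]).decode()


def _user_key(secret: bytes) -> bytes:
    # Constant salt is only a purpose label; the entropy comes from `secret`.
    return hashlib.pbkdf2_hmac("sha256", secret, b"vpn-credential", 100_000)


def store_with_user_key(keystore: dict, user: str, password: str) -> bytes:
    """Per-user key derived from a secret only that user's OS session can read
    (modelled by `keystore`), so a blob copied elsewhere is useless."""
    secret = keystore.setdefault(user, os.urandom(32))
    nonce = os.urandom(16)
    return nonce + keystream_xor(_user_key(secret), nonce, password.encode())


def recover_with_user_key(keystore: dict, user: str, blob: bytes) -> Optional[str]:
    """Returns None when the caller's session holds no secret for `user`."""
    secret = keystore.get(user)
    if secret is None:
        return None
    return keystream_xor(_user_key(secret), blob[:16], blob[16:]).decode()
```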
