CVE-2017-14184

Published: 15/12/2017 Updated: 11/05/2020
CVSS v2 Base Score: 4 | Impact Score: 2.9 | Exploitability Score: 8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 356
Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Vulnerability Summary

An Information Disclosure vulnerability in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2334 and below versions allows regular users to see each other's VPN authentication credentials due to improperly secured storage locations.

Vulnerable Product

fortinet forticlient

fortinet forticlient sslvpn client

Exploits

FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in registry (on Windows). The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforementioned storage is world readable, which actually lays ...