Main Vulnerability Database SB2024111813

SB2024111813 - Unprotected storage of credentials in FortiClient for Windows

Published: November 18, 2024

Security Bulletin ID SB2024111813

Severity

High

Patch available

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Information disclosure

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Unprotected storage of credentials (CVE-ID: N/A)

The vulnerability allows a local user to gain access to VPN client credentials.

The vulnerability exists due to application stores user's VPN credentials in plain text in memory after establishing the VPN connection. A local user or a malicious application can retrieve these credentials from the process memory and use them later to connect to the Fortinet VPN server.

Note, the vulnerability is being actively exploited in the wild by the DEEPDATA malware.

Remediation

Cybersecurity Help is not aware of any official remediation provided by the vendor.

References

https://www.volexity.com/blog/2024/11/15/brazenbamboo-weaponizes-forticlient-vulnerability-to-steal-vpn-credentials-via-deepdata/