A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on the targeted device's system.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: fortinet
Published: 2020-06-16T20:14:55
Updated: 2024-08-05T01:47:13.751Z
Reserved: 2019-10-16T00:00:00
Link: CVE-2019-17655
Vulnrichment
No data.
NVD
Status : Modified
Published: 2020-06-16T21:15:10.313
Modified: 2021-03-09T17:15:12.220
Link: CVE-2019-17655
Redhat
No data.