HKLM\SOFTWARE\WOW6432Node\Fortinet\FortiClient\Sslvpn\Tunnels While the same dataset is stored in the registry key Library/Application Support/Fortinet/FortiClient/conf/vpn.plist The read access of the configuration file is set for “others” too, making the file world-readable.
Fortinet vpn client linux mac osx#
The same decryption key can be found in the Windows and Mac OSX binary. $ strings forticlientsslvpn |grep "fc_1A" The hardcoded key can be disclosed on the Linux version by issuing the following command: Above all, the aforementioned storage is world readable, which actually lays the foundation for the credential recovery.
The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Vulnerability Overview/ DescriptionįortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in registry (on Windows). The patched FortiClient versions should be installed immediately as the VPN credentials could be decrypted by an attacker.
Our unique security fabric combines Security Processors, an intuitive operating system, and applied threat intelligence to give you proven security, exceptional performance, and better visibility and control–while providing easier administration.” We provide top-rated network and content security, as well as secure access products that share intelligence and work together to form a cooperative fabric. “From the start, the Fortinet vision has been to deliver broad, truly integrated, high-performance security across the IT infrastructure.