Fortinet FortiClient VPN Credential Disclosure

Fortinet FortiClient VPN Credential Disclosure

FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OSX) or in registry (on Windows). The credentials are encrypted but can still be recovered since the decryption key is hardcoded in the program and the same on all installations. Above all, the aforementioned storage is world readable, which actually lays […]

The post Fortinet FortiClient VPN Credential Disclosure appeared first on MondoUnix.