2020-06-16 20:14:55
fortinet
PUBLISHED
A cleartext storage in a file or on disk (CWE-313) vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN users credentials should that attacker be able to read the session file stored on the targeted devices system.