Sensitive Information Exposure in FortiClient for Mac
CVE-2022-33878
2.2 LOW
What is CVE-2022-33878?
A vulnerability in FortiClient for Mac versions 7.0.0 through 7.0.5 allows a local authenticated attacker to read sensitive information, specifically the SSL-VPN password, in cleartext. The password is exposed by running a logstream command for the FortiTray process in the terminal, which presents a significant risk if exploited. Secure coding practices and appropriate user access controls can help mitigate this issue.
Affected Version(s)
Fortinet FortiClientMac: 7.0.5, 7.0.4, 7.0.3, 7.0.2, 7.0.1, 7.0.0