Fortinet provided security updates for its next-generation endpoint protection product, FortiClient, that address a serious information disclosure vulnerability. The flaw, tracked as CVE-2017-14184, could be exploited by an attacker to obtain VPN authentication credentials. Fortinet rated the issue as high severity and assigned it a 4/5 risk rating. The Android and iOS apps are not impacted by the flaw. The company has developed a proof-of-concept (PoC) tool that leverages these issues to recover passwords.
Source: http://securityaffairs.co/wordpress/66727/hacking/forticlient-improper-access-control.html

