The leaked credential may potentially be captured by an attacker if additional session handling, access control or cross-site scripting vulnerabilities were to be discovered in the SSL-VPN web portal, or in the applications within (or in case of client-side vulnerabilities, in the user's browser).
FortiOS 6.0.0, 5.6.5 and below versions
Upgrade to FortiOS 5.6.6, 6.0.1 or newer versions
Avoid using the SSO feature in FortiOS SSL VPN bookmarks, especially if the applications inside the SSL VPN web portal are untrusted.
Fortinet is pleased to thank Stephan Neidhardt - link protect GmbH reporting this vulnerability under responsible disclosure.