FCT Use of Hard-coded Cryptographic Key Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-19-194 Final 1 1 2020-06-01T00:00:00 Current version 2020-06-01T00:00:00 2020-06-01T00:00:00 Use of a hard-coded cryptographic key to encrypt security sensitive data in configuration in FortiClient for Windows may allow an attacker with access to the configuration or the backup file to decrypt the sensitive data via knowledge of the hard-coded key. Escalation of privilege FortiClient for Windows below 6.4.0 Upgrade to FortiClient for Windows 6.4.0 Fortinet is pleased to thank Independent security researcher Gregory Draperi for reporting this vulnerability under responsible disclosure. CVE-2019-16150 3.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X https://fortiguard.fortinet.com/psirt/FG-IR-19-194 FCT Use of Hard-coded Cryptographic Key Reference>