FortiClient Use of Hard-coded Cryptographic Key
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-19-194
Final
1
1
2020-06-01T00:00:00
Current version
2020-06-01T00:00:00
2020-06-01T00:00:00
Use of a hard-coded cryptographic key to encrypt security-sensitive data in the configuration of FortiClient for Windows may allow an attacker with access to the configuration or the backup file to decrypt the sensitive data via knowledge of the hard-coded key.
Information Disclosure
FortiClient for Windows below 6.4.0
Upgrade to FortiClient for Windows 6.4.0
Fortinet is pleased to thank independent security researcher Gregory Draperi for reporting this vulnerability under responsible disclosure.
FortiClientWindows 6.2.9
FortiClientWindows 6.2.8
FortiClientWindows 6.2.7
FortiClientWindows 6.2.6
CVE-2019-16150
FortiClientWindows-6.2.9
FortiClientWindows-6.2.8
FortiClientWindows-6.2.7
FortiClientWindows-6.2.6
3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:F/RL:X/RC:X
https://fortiguard.fortinet.com/psirt/FG-IR-19-194