PSIRT Advisories
FortiClient Use of Hard-coded Cryptographic Key
Summary
FortiClient for Windows uses a hard-coded cryptographic key to encrypt security-sensitive data in its configuration. An attacker with access to the configuration or the backup file may be able to decrypt the sensitive data via knowledge of the hard-coded key.
Affected Products
FortiClient for Windows below 6.4.0
Solutions
Upgrade to FortiClient for Windows 6.4.0
Acknowledgement
Fortinet is pleased to thank independent security researcher Gregory Draperi for reporting this vulnerability under responsible disclosure.