FortiClient Use of Hard-coded Cryptographic Key


FortiClient for Windows uses a hard-coded cryptographic key to encrypt security-sensitive data in its configuration. An attacker who has access to the configuration or the backup file, and who knows the hard-coded key, may be able to decrypt the sensitive data.

Affected Products

FortiClient for Windows below 6.4.0


Upgrade to FortiClient for Windows 6.4.0


Fortinet is pleased to thank independent security researcher Gregory Draperi for reporting this vulnerability under responsible disclosure.