PT-2015-5293 · Fortinet · FortiClient
Denis Andzakovic · Published 2015-02-02 · Updated 2015-11-30 · CVE-2015-1453
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions
FortiClient version 5.2.3.091
Description
FortiClient uses a hardcoded encryption key in the qm class. An attacker can use this key to decrypt sensitive data, including passwords, stored in the Shared Preferences.
Recommendations
For FortiClient version 5.2.3.091, consider updating to a newer version that does not use a hardcoded encryption key, or contact the vendor for specific guidance on securing the affected component. As a temporary workaround, restrict access to sensitive data stored in the Shared Preferences to minimize the risk of exploitation.
Affected Products
FortiClient