Hardcoded Encryption Key Vulnerability in Fortinet FortiClient 5.2.3.091 for Android

Hardcoded Encryption Key Vulnerability in Fortinet FortiClient 5.2.3.091 for Android

CVE-2015-1453 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.

Learn more about our Cis Benchmark Audit For Fortinet.