Описание
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.
Уязвимые конфигурации
Конфигурация 1Версия до 5.6.0 (включая)
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:windows:*:*
Конфигурация 2Версия до 5.6.0 (включая)
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:macos:*:*
Конфигурация 3Версия до 4.4.2335 (включая)
cpe:2.3:a:fortinet:forticlient_sslvpn_client:*:*:*:*:*:linux:*:*
EPSS
Процентиль: 21%
0.00068
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-326
Связанные уязвимости
CVSS3: 7.5
github
больше 3 лет назад
Users' VPN authentication credentials are unsafely encrypted in Fortinet FortiClient for Windows 5.6.0 and below versions, FortiClient for Mac OSX 5.6.0 and below versions and FortiClient SSLVPN Client for Linux 4.4.2335 and below versions, due to the use of a static encryption key and weak encryption algorithms.
EPSS
Процентиль: 21%
0.00068
Низкий
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
CWE-326