Weak Encryption in Fortinet FortiClient Leading to Credential Exposure
CVE-2017-17543
7.5HIGH
Key Information:
- Vendor
Fortinet
- Vendor
- CVE Published:
- 26 April 2018
What is CVE-2017-17543?
The Fortinet FortiClient applications for Windows, Mac OSX, and Linux exhibit a security flaw where VPN authentication credentials are inadequately encrypted. This issue arises from the reliance on a static encryption key combined with the use of outdated and weak encryption algorithms. Consequently, sensitive user credentials could be exposed to unauthorized individuals, potentially leading to serious security breaches. Organizations using affected versions are advised to update their FortiClient installations promptly to mitigate risks.
Affected Version(s)
FortiClient for Mac OSX 5.6.0 and below versions
FortiClient for Windows 5.6.0 and below versions
FortiClient SSLVPN Client for Linux 4.4.2335 and below versions