CVE-2015-1453

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.

Published: Feb 2, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-1453
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-310

Affected Software
References

Software	From	Fixed in
fortinet / forticlient	-	5.2.3.091.x

http://seclists.org/fulldisclosure/2015/Jan/124
http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf
http://www.securityfocus.com/bid/72383

Vulnerability Database

289,599

CVE-2015-1453