Lucene search

[email protected]CVE-2015-1453

HistoryFeb 02, 2015 - 4:59 p.m.

CVE-2015-1453

2015-02-0216:59:06

CWE-310

[email protected]

web.nvd.nist.gov

cve-2015-1453

fortinet

forticlient

android

hardcoded encryption key

data decryption

shared preferences

security vulnerability

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.4%

JSON

The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.

Affected configurations

NVD

Node

fortinetforticlientRange≤5.2.3.091android

CPENameOperatorVersion
fortinet:forticlientfortinet forticlientle5.2.3.091

CPE	Name	Operator	Version
fortinet:forticlient	fortinet forticlient	le	5.2.3.091

References

seclists.org/fulldisclosure/2015/Jan/124

www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf

www.securityfocus.com/bid/72383

5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

6.5 Medium

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.4%

JSON

Related for CVE-2015-1453

nvd1 cvelist1 fortinet1 prion1