Description
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.
References (3)
Core References
Exploit, x_refsource_misc
http://www.security-assessment.com/files/documents/advisory/Fortinet_FortiClient_Multiple_Vulnerabilities.pdf
Exploit, mailing-list, x_refsource_fulldisc
http://seclists.org/fulldisclosure/2015/Jan/124
Third Party Advisory, VDB Entry, vdb-entry, x_refsource_bid
http://www.securityfocus.com/bid/72383
Scores
EPSS
0.0016
EPSS Percentile
35.9%
Details
CWE
CWE-310
Status
published
Products (1)
fortinet/forticlient
< 5.2.3.091
Published
Feb 02, 2015
Tracked Since
Feb 18, 2026