Fortinet: FortiClient Windows flaw lets local attacker decrypt a logged-in user's saved VPN password (CVSSv3 2.1)
Fortinet advisory FG-IR-26-129, revised May 12, describes a missing-authorization weakness (CWE-862) in FortiClient for Windows that may allow an authenticated local attacker to decrypt a currently logged-in user's VPN p.
At a glance
- A CWE-862 missing-authorization flaw in FortiClient Windows may let an authenticated local attacker decrypt a logged-in user's VPN password through an unprotected DLL function, per Fortinet FG-IR-26-129
- Fortinet rates the issue CVSSv3 2.1
VERDICT — CONFIRMED
Fortinet advisory FG-IR-26-129, revised May 12, describes a missing-authorization weakness (CWE-862) in FortiClient for Windows that may allow an authenticated local attacker to decrypt a currently logged-in user's VPN password via an unprotected DLL function. The advisory title ties the issue to a hardcoded encryption key used for saved VPN passwords. Fortinet scores it CVSSv3 2.1, low severity given the local-access and authentication requirements.
Key facts on file
- A CWE-862 missing-authorization flaw in FortiClient Windows may let an authenticated local attacker decrypt a logged-in user's VPN password through an unprotected DLL function, per Fortinet FG-IR-26-129
- Fortinet rates the issue CVSSv3 2.1

