Security News

Cybersecurity news aggregator

LOW Vulnerabilities Fortinet PSIRT

Hardcoded Encryption Key Used for VPN Saved Passwords

  • What: Hardcoded encryption key in FortiClient
  • Impact: Local attackers can decrypt saved VPN passwords

PSIRT: Hardcoded Encryption Key Used for VPN Saved Passwords

Summary

A Missing Authorization [CWE-862] vulnerability in FortiClient Windows may allow an authenticated local attacker to decrypt a currently logged-in user's VPN password via use of an unprotected DLL function.

Version                   Affected               Solution
FortiClientWindows 7.4    7.4.0 through 7.4.2    Upgrade to 7.4.3 or above
FortiClientWindows 7.2    7.2 all versions       Migrate to a fixed release

Acknowledgement

Alex Ghiotto of HackerHood Research Group

Timeline

2026-05-12: Initial publication

  • IR Number: FG-IR-26-129
  • Published Date: May 12, 2026
  • Component: GUI
  • Severity: Low
  • Discovered: External
  • Attack Type: Authenticated
  • Known Exploited: No
  • CVSSv3 Score: 2.1
  • Impact: Information disclosure
  • CVE ID: CVE-2026-44278
