Fortinet FortiClient Windows Hard-Coded Cryptographic Key Vulnerability Allowing Information Disclosure

Vulnerability

A vulnerability exists in Fortinet FortiClient for Windows, specifically in versions 7.4.0 through 7.4.2 and all versions of 7.2. It involves the use of hard-coded cryptographic keys, which may allow an authenticated local attacker to decrypt the VPN password of the currently logged-in user. The flaw stems from an unprotected DLL function that an authenticated local attacker can reach.

Impact

Exploitation of this vulnerability could allow an attacker to decrypt VPN passwords saved by the user and gain access to the user's VPN session.

Remediation

Users of Fortinet FortiClient Windows 7.4 should upgrade to version 7.4.3 or above. Users of Fortinet FortiClient Windows 7.2 should migrate to a fixed release.
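As an added example, not part of this advisory or Fortinet's own tooling, the following PowerShell check decides whether an installed FortiClient for Windows build falls in the affected ranges stated above (7.4.0 through 7.4.2, and every 7.2.x release) and, on a real host, reads the installed version from the standard Windows Uninstall registry keys. It assumes the product registers there with a DisplayName beginning with "FortiClient", which the advisory does not confirm; the sample version strings are constructed.

```powershell
# Added example (not from the advisory or Fortinet): flag FortiClient for Windows
# builds in the ranges this advisory lists. Affected: 7.4.0 through 7.4.2 and all
# 7.2.x releases. Fixed: 7.4.3 and above. Other branches are not covered by the
# advisory and are reported as not affected here.
# Assumption: FortiClient appears in the standard Uninstall registry keys with a
# DisplayName starting with "FortiClient" (not confirmed by the advisory).

function Test-FortiClientAffected {
    param([Parameter(Mandatory)][string]$Version)
    # [version] parses 2-, 3- and 4-part strings. Comparing against 7.4.3 with -lt
    # keeps build-numbered releases such as 7.4.2.1710 inside the affected range,
    # which a naive -le 7.4.2 comparison would miss.
    $v = [version]$Version
    if ($v.Major -eq 7 -and $v.Minor -eq 2) { return $true }      # every 7.2.x
    if ($v -ge [version]'7.4.0' -and $v -lt [version]'7.4.3') { return $true }
    return $false
}

function Get-InstalledFortiClientVersion {
    # Both 64-bit and 32-bit (WOW6432Node) uninstall hives; missing hives are ignored.
    $paths = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
    )
    Get-ItemProperty -Path $paths -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -like 'FortiClient*' } |    # assumed DisplayName
        Select-Object -First 1 -ExpandProperty DisplayVersion
}

# Offline run against constructed sample versions (no FortiClient install needed).
foreach ($sample in '7.2.9', '7.4.0', '7.4.2.1710', '7.4.3', '7.0.12') {
    "$sample affected=$(Test-FortiClientAffected -Version $sample)"
}

# On a real host: report the installed build and whether it needs the upgrade.
$installed = Get-InstalledFortiClientVersion
if ($installed) {
    "Installed FortiClient $installed affected=$(Test-FortiClientAffected -Version $installed)"
}
```

Run it in an elevated PowerShell session on the endpoint, or wrap Get-InstalledFortiClientVersion in Invoke-Command to sweep a fleet.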

Added: May 12, 2026, 6:52 PM
Updated: May 12, 2026, 6:52 PM

Vulnerability Rating

Custom Algorithm
spread: 6.6
impact: 2.5
exploitability: 3.3
remediation: 7.7
relevance: 8.1
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.