Dangerous vulnerability of Fortinet's anti-virus has been fixed

Fortinet eliminated vulnerabilities of its FortiClient software. Security solution FortiClient is one of the most popular in the world, partly because it includes a VPN client. However, it was the VPN client that had serious issues. Researchers at SEC Consult discovered them. They established that VPN credentials are saved on a local file on each of the computers that has FortiClient installed. This file is encrypted, but the encryption key is the same for all users. Moreover, it is also stored in app's code. Criminals have a way of extracting it and therefore getting access to VPN user credentials.

This vulnerability affects FortiClient 5.6.0 and earlier versions on Windows and MacOS as well as FortiClient 4.4.2334 and earlier on Linux. Necessary updates for all operating systems have already been released.