FortiClient for Windows - Hardcoded credentials in vcm2.exe

Nov. 14, 2023, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

A use of hard-coded credentials vulnerability [CWE-798] in FortiClient for Windows may allow an attacker to bypass system protections via the use of static credentials.

attacker bypass credentials cwe hard hardcoded hard-coded credentials hardcoded credentials may system vulnerability windows

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiAuthenticator - Open Redirect on /portal/disclaimer 2 weeks, 5 days ago | fortiguard.fortinet.com

attacker cwe disclaimer may +8

Exposure of password hashes to read-only admin 2 weeks, 5 days ago | fortiguard.fortinet.com

admin control cwe data +11

Double free with double usage of json_object_put 2 weeks, 5 days ago | fortiguard.fortinet.com

attacker code commands cwe +9

Format String Bug in cli command 2 weeks, 5 days ago | fortiguard.fortinet.com

amp arbitrary code arbitrary code execution attacker +19

Client IP relies on X-Forwarded-For and other headers 2 weeks, 5 days ago | fortiguard.fortinet.com

attack bypass client cwe +10

Buffer overflow in administrative interface 2 weeks, 5 days ago | fortiguard.fortinet.com

arbitrary code attacker buffer buffer overflow +13

Code injection in playbook code snippet step 2 weeks, 5 days ago | fortiguard.fortinet.com

arbitrary code attacker code code injection +7

Client-side enforcement of server-side security related to customer reports features 2 weeks, 5 days ago | fortiguard.fortinet.com

access account attacker client +16

HTTP/2 CONTINUATION Frames Vulnerability 2 weeks, 5 days ago | fortiguard.fortinet.com

attack can connection crash +14

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland

View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City

View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL

View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US

View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia

View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)

View on infosec-jobs.com

all InfoSec news

FortiClient for Windows - Hardcoded credentials in vcm2.exe

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

CyberSOC Technical Lead

Cyber Security Strategy Consultant

Cyber Security Senior Consultant

Sr. Product Manager

Security Compliance Strategist

Cloud Security Architect, Lead