FortiClient for Windows - Hardcoded credentials in vcm2.exe

Nov. 14, 2023, 8 a.m. |

FortiGuard Labs | FortiGuard Center - IR Advisories fortiguard.fortinet.com

A use of hard-coded credentials vulnerability [CWE-798] in FortiClient for Windows may allow an attacker to bypass system protections via the use of static credentials.

attacker bypass credentials cwe hard hardcoded hard-coded credentials hardcoded credentials may system vulnerability windows

Visit resource

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

FortiMail - User can see and modify address book folders title of other users 2 weeks, 2 days ago | fortiguard.fortinet.com

address attacker authorization book +8

FortiClient (Windows) - DLL Hijacking via openssl.cnf 2 weeks, 2 days ago | fortiguard.fortinet.com

attack attacker cwe dll +14

FortiMail - Login mechanism without rate limitation 2 weeks, 2 days ago | fortiguard.fortinet.com

attack attacker authentication brute +10

FortiOS & FortiProxy - DOS in headers management 2 weeks, 2 days ago | fortiguard.fortinet.com

attack attacker cwe device +13

FortiADC & FortiDDoS-F - CORS: arbitrary origin trusted 2 weeks, 2 days ago | fortiguard.fortinet.com

actions api attacker cors +15

FortiClient (Windows) - Arbitrary file deletion from unprivileged users 2 weeks, 2 days ago | fortiguard.fortinet.com

attacker authorization cwe deletion +9

FortiClient for Windows - Hardcoded credentials in vcm2.exe 2 weeks, 2 days ago | fortiguard.fortinet.com

attacker bypass credentials cwe +8

FortiEDRCollector (Windows) - Protection may be disabled by local attacker 2 weeks, 2 days ago | fortiguard.fortinet.com

access access control attacker control +15

FortiManager & FortiAnalyzer - Use of hardcoded credentials in fmgsvrd 2 weeks, 2 days ago | fortiguard.fortinet.com

access attacker credentials cwe +10

Senior Vice President, Cybersecurity and Runtime Operations

@ 2U | US-MD-Lanham//US-Remote

View on infosec-jobs.com

Dreadnought Product Security Lead - Submarines

@ Rolls-Royce | Derby - Jubilee House (UK-JH)

View on infosec-jobs.com

Senior Product Security Engineer

@ Narvar | Hybrid - Bengaluru

View on infosec-jobs.com

Managing Consultant - Advisors Business Development

@ Mastercard | Mumbai, India

View on infosec-jobs.com

Principal Security Engineer

@ Highspot | Vancouver, BC

View on infosec-jobs.com

Incident Response Specialist

@ Wabtec | Bengaluru - KA - IND (ITC Greens)

View on infosec-jobs.com

View more jobs

all InfoSec news

FortiClient for Windows - Hardcoded credentials in vcm2.exe

More from fortiguard.fortinet.com / FortiGuard Labs | FortiGuard Center - IR Advisories

Jobs in InfoSec / Cybersecurity

Senior Vice President, Cybersecurity and Runtime Operations

Dreadnought Product Security Lead - Submarines

Senior Product Security Engineer

Managing Consultant - Advisors Business Development

Principal Security Engineer

Incident Response Specialist