Fortinet Forticlient vulnerabilities

CVE-2015-1453 [MEDIUM] CWE-310 CVE-2015-1453: The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtIn The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences.

CVE-2013-4669 [MEDIUM] CWE-255 CVE-2013-4669: FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; Fo FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man

CVE-2009-1262 [HIGH] CWE-134 CVE-2009-1262: Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local user Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name.