Re: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products

Hi, we received incorrect version information during the coordination phase thus our initial advisory stated that FortiOS v6.0.7 fixes the issue. Fortinet has just now confirmed that only v6.2.0 includes the patch. See their advisory: https://fortiguard.com/psirt/FG-IR-18-100 SEC Consult

SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products

SEC Consult Vulnerability Lab Security Advisory < 20191125-0 > === title: FortiGuard XOR Encryption product: Multiple Fortinet Products (see Vulnerable / tested versions) vulnerable version: Multiple