Re: SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products
Hi, we received incorrect version information during the coordination phase thus our initial advisory stated that FortiOS v6.0.7 fixes the issue. Fortinet has just now confirmed that only v6.2.0 includes the patch. See their advisory: https://fortiguard.com/psirt/FG-IR-18-100 SEC Consult
SEC Consult SA-20191125-0 :: FortiGuard XOR Encryption in Multiple Fortinet Products
SEC Consult Vulnerability Lab Security Advisory < 20191125-0 > === title: FortiGuard XOR Encryption product: Multiple Fortinet Products (see Vulnerable / tested versions) vulnerable version: Multiple