Fortinet FortiOS through 7.6.6 allows attackers to decrypt LDAP credentials stored in device configuration files, as exploited in the wild from 2025-12-16 through 2026 (by default, the encryption key is the same across all customer installations). NOTE: the supplier's position is that this instance of CWE-1394 is not a vulnerability because customers are expected to enable a non-default option that eliminates the weakness. However, that non-default option can disrupt functionality, as shown in the "Managing FortiGates with private data encryption" document, and is therefore intentionally not enabled by default.
The product uses a default cryptographic key for potentially critical functionality.
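An audit check that can be run over an exported FortiGate configuration backup, added here as an example and not part of the CVE record or of Fortinet's own tooling: it parses the backup text, lists every `config user ldap` entry whose bind password is stored as an `ENC` blob, and flags those entries as exposed whenever `private-data-encryption` is not enabled under `config system global`. The two sample configurations are constructed for this example, and `private-data-encryption` is assumed to be the FortiOS CLI name of the non-default option the NOTE above refers to; confirm it against the referenced document for the release in use. The script does not attempt any decryption.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: a trimmed FortiGate backup in the weak default state
# (no private-data-encryption line, LDAP bind password stored as an ENC blob).
SAMPLE_CONFIG_DEFAULT = """\
#config-version=FGT60F-7.6.1-FW-build0001-000000:opmode=0:vdom=0
config system global
    set hostname "fgt-lab"
    set admintimeout 30
end
config user ldap
    edit "corp-ad"
        set server "10.0.0.5"
        set cnid "sAMAccountName"
        set dn "dc=corp,dc=example"
        set type regular
        set username "cn=fgt-bind,ou=svc,dc=corp,dc=example"
        set password ENC aGVsbG93b3JsZA==
    next
    edit "anon-ldap"
        set server "10.0.0.6"
        set dn "dc=corp,dc=example"
    next
end
"""

# Same device with the non-default option enabled (assumed CLI option name).
SAMPLE_CONFIG_HARDENED = SAMPLE_CONFIG_DEFAULT.replace(
    '    set admintimeout 30\n',
    '    set admintimeout 30\n    set private-data-encryption enable\n',
)

_CONFIG_RE = re.compile(r'^\s*config\s+(.+?)\s*$')
_EDIT_RE = re.compile(r'^\s*edit\s+"?([^"]*)"?\s*$')
_SET_RE = re.compile(r'^\s*set\s+(\S+)\s+(.*)$')


@dataclass
class LdapEntry:
    name: str
    server: str = ""
    username: str = ""
    has_enc_password: bool = False


@dataclass
class AuditResult:
    private_data_encryption: bool
    ldap_entries: list = field(default_factory=list)

    @property
    def exposed(self):
        """LDAP entries whose bind credential is protected only by the default key."""
        if self.private_data_encryption:
            return []
        return [e for e in self.ldap_entries if e.has_enc_password]


def audit_config(text):
    """Walk the config/edit/next/end structure of a FortiOS backup and collect
    the private-data-encryption setting plus every user ldap entry."""
    section = []          # stack of open `config ...` section names
    current = None        # LdapEntry being filled inside an `edit` block
    result = AuditResult(private_data_encryption=False)
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith('#'):
            continue                      # skip blanks and the #config-version header
        m = _CONFIG_RE.match(line)
        if m:
            section.append(m.group(1))
            continue
        if stripped == 'end':
            if section:
                section.pop()
            continue
        m = _EDIT_RE.match(line)
        if m and section and section[-1] == 'user ldap':
            current = LdapEntry(name=m.group(1))
            continue
        if stripped == 'next':
            if current is not None:
                result.ldap_entries.append(current)
                current = None
            continue
        m = _SET_RE.match(line)
        if not m:
            continue
        key, value = m.group(1), m.group(2).strip()
        if section and section[-1] == 'system global' and key == 'private-data-encryption':
            result.private_data_encryption = (value == 'enable')
        elif current is not None:
            if key == 'server':
                current.server = value.strip('"')
            elif key == 'username':
                current.username = value.strip('"')
            elif key == 'password':
                current.has_enc_password = value.startswith('ENC ')   # stored encrypted blob
    return result


if __name__ == '__main__':
    for label, cfg in (('default', SAMPLE_CONFIG_DEFAULT), ('hardened', SAMPLE_CONFIG_HARDENED)):
        r = audit_config(cfg)
        names = [f'{e.name} ({e.username}@{e.server})' for e in r.exposed]
        print(f'{label}: private-data-encryption={r.private_data_encryption} exposed={names}')
```

Entries without a stored password (anonymous bind) are listed but never reported as exposed, and the same config is reported clean once the option is enabled, which is the distinction the supplier's NOTE turns on.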