FortiMail - Improper use of cryptographic primitives in IBE KeyStore
Summary
Missing cryptographic steps in FortiMail IBE may allow an attacker who comes in possession of the encrypted master keys to compromise their confidentiality by observing a few invariant properties of the ciphertext.
Affected Products
FortiMail version 6.4.4 and below.
FortiMail version 6.2.6 and below.
Solutions
Please upgrade to FortiMail version 7.0.0 or above