Improper permission or value checking in the CLI console may allow a non-privileged user to obtain plaint text private keys of system’s builtin local certificates via unsetting the keys encryption password or for user uploaded local certificates via setting an empty password. Note that backed up config files can be restored onto a version of FortiOS or FortiProxy vulnerable to this, in order to obtain the plaintext versions of local certificates private keys encrypted in those config files.