FortiOS - Improper verification of the user certificate's chain of trust in FortiGate when connecting to SSL-VPN


A vulnerability in FortiGate SSL-VPN, caused by improper following of a certificate's chain of trust, may allow an LDAP user to connect to the VPN with any certificate that is signed by a trusted Certificate Authority.

Affected Products

FortiGate versions 6.4.2 to 6.4.4.  
FortiGate versions 5.6.x, 6.0.x, 6.2.x, 6.4.0 and 6.4.1 are NOT impacted by this vulnerability.


Please upgrade to FortiGate version 6.4.5 or above, or to FortiGate version 7.0.0.


Fortinet is pleased to thank María Teresa Muñoz Blanco from Vectoritcgroup for reporting this vulnerability under responsible disclosure.