FortiTokenMobile - Missing digital certificate validation
An improper validation of certificate with host mismatch vulnerability [CWE-297] in FortiTokenMobile may allow an unauthenticated user to spoof the validation server identity and achieve a Man-in-the-Middle attack.
FortiTokenMobile for Android v5.0.3 or below is impacted
FortiTokenMobile for iOS v5.2.0 or below is impacted
FortiTokenMobile for Windows v4.0.3 or below is impacted
Upgrade FortiTokenMobile for Android to version 5.1.0 or above
Upgrade FortiTokenMobile for iOS to version 5.3.0 or above
Upgrade FortiTokenMobile for Windows to version 4.1.0 or above