PSIRT Advisories
FortiTokenMobile - Missing digital certificate validation
Summary
An improper validation of certificate with host mismatch vulnerability [CWE-297] in FortiTokenMobile may allow an unauthenticated user to spoof the validation server identity and achieve a Man-in-the-Middle attack.
Affected Products
FortiTokenMobile for Android v5.0.3 or below is impacted
FortiTokenMobile for iOS v5.2.0 or below is impacted
FortiTokenMobile for Windows v4.0.3 or below is impacted
Solutions
Upgrade FortiTokenMobile for Android to version 5.1.0 or above
Upgrade FortiTokenMobile for iOS to version 5.3.0 or above
Upgrade FortiTokenMobile for Windows to version 4.1.0 or above