Missing certificate CN/SAN validation leads to information disclosure

Summary

An improper validation of certificate with host mismatch vulnerability [CWE-297] in FortiOS may allow the device, when an LDAP server connection is initiated via the LDAP server options in the GUI, to complete the connection to a malicious LDAP server presenting a certificate for a different host, leading to disclosure of sensitive information, such as the AD credentials sent in the bind.
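To make the CWE-297 condition concrete, the following is an added Python example; it is not Fortinet's code and makes no claim about how FortiOS implements its LDAP client. It implements the SAN/CN host name match that a TLS client must perform before trusting the tunnel (a certificate can chain to a trusted CA and still be issued for the wrong host), and a small model of an LDAPS client that sends its simple bind credentials only when that match passes. The certificate dicts (`GOOD_CERT`, `ATTACKER_CERT`), the server name `ldap.corp.example`, and the `simulated_bind` function are constructed for this example.

```python
"""Host name matching for a TLS peer certificate (the check CWE-297 describes
as missing) and a minimal model of an LDAPS client that either enforces or
skips it. Example code only; the certificate dicts below are constructed."""
import ipaddress
from typing import Optional

# The certificate shape mirrors what ssl.SSLSocket.getpeercert() returns:
# 'subject' is a tuple of RDNs (each a tuple of (key, value) pairs) and
# 'subjectAltName' is a tuple of (type, value) pairs.
GOOD_CERT = {
    "subject": ((("commonName", "ldap.corp.example"),),),
    "subjectAltName": (("DNS", "ldap.corp.example"), ("DNS", "*.corp.example")),
}
# Validly issued by a trusted CA, just for an attacker-controlled name.
ATTACKER_CERT = {
    "subject": ((("commonName", "attacker.example"),),),
    "subjectAltName": (("DNS", "attacker.example"),),
}


def _dns_name_match(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: exact, or one wildcard covering exactly the
    leftmost label (so '*.corp.example' matches 'dc1.corp.example' but not
    'a.b.corp.example' or 'corp.example')."""
    pattern = pattern.lower().rstrip(".")
    hostname = hostname.lower().rstrip(".")
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    rest = pattern[2:]
    # Refuse '*' anywhere else and refuse wildcards like '*.com'.
    if "*" in rest or rest.count(".") < 1:
        return False
    labels = hostname.split(".")
    return len(labels) >= 3 and ".".join(labels[1:]) == rest


def hostname_matches(cert: dict, hostname: str) -> bool:
    """True iff the configured server name is covered by the certificate.

    DNS names and IP addresses in subjectAltName are authoritative; the
    subject CN is consulted only for legacy certificates with no such SAN."""
    sans = cert.get("subjectAltName", ())
    dns_names = [v for t, v in sans if t == "DNS"]
    ip_names = [v for t, v in sans if t == "IP Address"]
    try:
        ip = ipaddress.ip_address(hostname)
    except ValueError:
        ip = None
    if ip is not None:
        # An IP literal must match an iPAddress SAN; no CN fallback for IPs.
        return any(ipaddress.ip_address(v) == ip for v in ip_names)
    if dns_names or ip_names:
        return any(_dns_name_match(d, hostname) for d in dns_names)
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName" and _dns_name_match(value, hostname):
                return True
    return False


def simulated_bind(configured_server: str, peer_cert: dict, bind_dn: str,
                   password: str, verify_host: bool) -> Optional[dict]:
    """Model of the client's decision after the TLS handshake succeeded.

    Returns the fields an LDAP simple bind would carry (the password goes
    over the tunnel in clear text, protected only by TLS), or None when the
    client refuses because the certificate is not for the configured host.
    With verify_host=False this is the vulnerable behaviour: a tunnel that
    terminates at the wrong host receives the credentials."""
    if verify_host and not hostname_matches(peer_cert, configured_server):
        return None
    return {"bind_dn": bind_dn, "password": password}


if __name__ == "__main__":
    for verify in (False, True):
        sent = simulated_bind("ldap.corp.example", ATTACKER_CERT,
                              "CN=svc-fgt,OU=Service,DC=corp,DC=example",
                              "S3cret!", verify_host=verify)
        print(f"verify_host={verify}: {'credentials sent' if sent else 'refused'}")
```

The distinction the example draws is the one the advisory turns on: certificate chain validation answers "was this certificate issued by a CA I trust", while the host name match answers "was it issued for the server I configured". Only the second check stops a trusted-CA certificate for some other name from being used to harvest the bind credentials.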

Affected Products

FortiGate version 7.0.1 and below.
FortiGate version 6.4.6 and below.
FortiGate version 6.2.9 and below.

Solutions

Please upgrade to FortiGate version 7.0.2 or above.
Please upgrade to FortiGate version 6.4.7 or above.
Please upgrade to FortiGate version 6.2.10 or above.

Acknowledgement

Fortinet is pleased to thank John Headley from VPLS for reporting this vulnerability under responsible disclosure.

Timeline

2021-11-02: Initial publication