Potential Man-In-The Middle Vulnerability in FortiClient VPN
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-13-008
Final
1
2013-05-13T00:00:00
Current version
Under certain conditions, FortiClient VPN may be susceptible to a certificate validation vulnerability which would allow an attacker to intercept user credentials in a man-in-the-middle attack.
Critical
FortiClient Lite 4.3.3.445 for Windows
FortiClient 4.3.3.445 for Windows
FortiClient 4.0.2 for MacOS
FortiClient SSL VPN 4.0.2012 for Linux
FortiClient Lite 2.0 for Android
Solutions have been available since April 2012. It is recommended to update to a version greater than or equal to those in the following list:
FortiClient Lite 4.3.4.461 for Windows
FortiClient 4.3.5.472 for Windows
FortiClient 4.0.3.134 for MacOS
FortiClient SSL VPN 4.0.2258 for Linux
FortiClient 4.0 for Android (Replaces FortiClient Lite 2.0)
https://fortiguard.fortinet.com/psirt/FG-IR-13-008
Neohapsis: http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0001.html
Cédric Tissières and Philippe Oechslin, Objectif Sécurité