Potential Man-In-The Middle Vulnerability in FortiClient VPN Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-13-008 Final 1 1 2013-05-13T00:00:00 Current version 2013-05-13T00:00:00 2013-05-13T00:00:00 Under certain conditions, FortiClient VPN may be susceptible to a certificate validation vulnerability which would allow an attacker to intercept user credentials in a man-in-the-middle attack. Under certain conditions, FortiClient VPN may be susceptible to a certificate validation vulnerability which would allow an attacker to intercept user credentials in a man-in-the-middle attack. Critical FortiClient Lite 4.3.3.445 for WindowsFortiClient 4.3.3.445 for WindowsFortiClient 4.0.2 for MacOSFortiClient SSL VPN 4.0.2012 for LinuxFortiClient Lite 2.0 for Android Solutions have been available since April 2012. It is recommended to update to a version greater or equal to the following affected product list:FortiClient Lite 4.3.4.461 for WindowsFortiClient 4.3.5.472 for WindowsFortiClient 4.0.3.134 for MacOSFortiClient SSL VPN 4.0.2258 for LinuxFortiClient 4.0 for Android (Replaces FortiClient Lite 2.0) https://fortiguard.fortinet.com/psirt/FG-IR-13-008 Potential Man-In-The Middle Vulnerability in FortiClient VPN <a href="http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0001.html">Neohapsis</a> <a href="http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0001.html">Neohapsis</a> Cédric Tissières and Philippe Oechslin, Objectif Sécurité https://fortiguard.fortinet.com/psirt/FG-IR-13-008 Potential Man-In-The Middle Vulnerability in FortiClient VPN Reference> <a href="http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0001.html">Neohapsis</a> <a href="http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0001.html">Neohapsis</a>