RSA-CRT key leak under certain conditions Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-16-008 Final 1 1 2016-05-16T00:00:00 Current version 2016-05-16T00:00:00 2016-05-16T00:00:00 FortiOS now includes for all SSL libraries a countermeasure against Lenstra's fault attack on RSA-CRT optimization when a RSA signature is corrupted. Man in the middle FortiGate with the SSLVPN web portal feature configured. Upgrade to FortiOS 5.0.13 / 5.2.6 / 5.4.0  As a workaround the SSLVPN web portal can be disabled https://fortiguard.fortinet.com/psirt/FG-IR-16-008 RSA-CRT key leak under certain conditions https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf CVE-2015-5738 https://fortiguard.fortinet.com/psirt/FG-IR-16-008 RSA-CRT key leak under certain conditions Reference> https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf https://people.redhat.com/~fweimer/rsa-crt-leaks.pdf