FortiManager TLS certificate validation failure
Fortinet PSIRT Advisories
Fortinet PSIRT Contact:
Website: https://fortiguard.fortinet.com/faq/psirt-contact
FG-IR-16-055
Final
2017-02-08T00:00:00
Current version
FortiManager does not properly validate TLS certificates when probing for devices to administer. This leads to potential pre-shared secret exposure.
Credentials exposure
FortiManager 5.0.6 to 5.2.7 and 5.4.0 to 5.4.1.
Upgrade to FortiManager 5.2.8 and 5.4.2.
Fortinet is pleased to thank the Airbus security team for reporting this vulnerability under responsible disclosure.
FortiManager 5.4.1
FortiManager 5.4.0
FortiManager 5.2.7
FortiManager 5.2.6
FortiManager 5.2.5
FortiManager 5.2.4
FortiManager 5.2.3
FortiManager 5.2.2
FortiManager 5.2.1
FortiManager 5.2.0
FortiManager 5.0.12
FortiManager 5.0.11
FortiManager 5.0.10
FortiManager 5.0.9
FortiManager 5.0.8
FortiManager 5.0.7
FortiManager 5.0.6
CVE-2016-8495
https://fortiguard.fortinet.com/psirt/FG-IR-16-055