Missing digital certificate validation

Missing digital certificate validation Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-21-024 Final 1 1 2022-06-07T00:00:00 Current version 2022-06-07T00:00:00 2022-06-07T00:00:00 An improper validation of certificate with host mismatch vulnerability [CWE-297] in FortiTokenMobile may allow an unauthenticated user to spoof the validation server identity and achieve a Man-in-the-Middle attack. None Information disclosure FortiTokenIOS 5.4 all versions are not affectedFortiTokenIOS 5.3 all versions are not affectedFortiTokenIOS 5.2 all versionsFortiTokenIOS 5.1 all versions are not affectedFortiTokenIOS 5.0 all versions are not affectedFortiTokenIOS 4.6 all versions are not affectedFortiTokenIOS 4.3 all versionsFortiTokenIOS 4.2 all versionsFortiTokenIOS 4.1 all versionsFortiTokenIOS 3.0 all versionsFortiTokenAndroid 5.2 all versions are not affectedFortiTokenAndroid 5.1 all versions are not affectedFortiTokenAndroid 5.0 all versionsFortiTokenAndroid 4.5 all versionsFortiTokenAndroid 4.4 all versionsFortiTokenAndroid 4.3 all versionsFortiTokenAndroid 4.2 all versionsFortiTokenAndroid 4.1 all versionsFortiTokenAndroid 4.0 all versionsFortiTokenAndroid 3.0 all versionsFortiTokenAndroid 0.4 all versionsFortiTokenMobileWP 4.1 all versions are not affectedFortiTokenMobileWP 4.0 all versionsFortiTokenMobileWP 3.0 all versions Upgrade FortiTokenMobile for Android to version 5.1.0 or aboveUpgrade FortiTokenMobile for iOS to version 5.3.0 or aboveUpgrade FortiTokenMobile for Windows to version 4.1.0 or above FortiTokenAndroid 5.0.3 FortiTokenAndroid 5.0.2 FortiTokenAndroid 4.5.0 FortiTokenAndroid 4.4.0 FortiTokenAndroid 4.3.0 FortiTokenAndroid 4.2.2 FortiTokenAndroid 4.2.1 FortiTokenAndroid 4.1.1 FortiTokenAndroid 4.0.1 FortiTokenAndroid 4.0.0 FortiTokenAndroid 3.0.4 FortiTokenAndroid 3.0.3 FortiTokenAndroid 3.0.2 FortiTokenAndroid 3.0.1 FortiTokenAndroid 3.0.0 FortiTokenAndroid 0.4.20 FortiTokenAndroid 0.4.10 FortiTokenIOS 5.2.0 FortiTokenIOS 4.3.0 FortiTokenIOS 4.2.0 FortiTokenIOS 4.1.1 FortiTokenIOS 4.1.0 FortiTokenIOS 3.0.5 FortiTokenIOS 3.0.4 FortiTokenIOS 3.0.3 FortiTokenIOS 3.0.2 FortiTokenIOS 3.0.1 FortiTokenMobileWP 4.0.3 FortiTokenMobileWP 3.0.1 FortiTokenMobileWP 3.0.0 Missing digital certificate validation CVE-2021-22131 FortiTokenAndroid-5.0.3 FortiTokenAndroid-5.0.2 FortiTokenAndroid-4.5.0 FortiTokenAndroid-4.4.0 FortiTokenAndroid-4.3.0 FortiTokenAndroid-4.2.2 FortiTokenAndroid-4.2.1 FortiTokenAndroid-4.1.1 FortiTokenAndroid-4.0.1 FortiTokenAndroid-4.0.0 FortiTokenAndroid-3.0.4 FortiTokenAndroid-3.0.3 FortiTokenAndroid-3.0.2 FortiTokenAndroid-3.0.1 FortiTokenAndroid-3.0.0 FortiTokenAndroid-0.4.20 FortiTokenAndroid-0.4.10 FortiTokenIOS-5.2.0 FortiTokenIOS-4.3.0 FortiTokenIOS-4.2.0 FortiTokenIOS-4.1.1 FortiTokenIOS-4.1.0 FortiTokenIOS-3.0.5 FortiTokenIOS-3.0.4 FortiTokenIOS-3.0.3 FortiTokenIOS-3.0.2 FortiTokenIOS-3.0.1 FortiTokenMobileWP-4.0.3 FortiTokenMobileWP-3.0.1 FortiTokenMobileWP-3.0.0 6.1 CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:H/E:P/RL:X/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-21-024 Missing digital certificate validation Reference>