FortiClient(All) - Lack of client-side certificate validation using SAML SSO

FortiClient(All) - Lack of client-side certificate validation using SAML SSO Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-22-230 Final 1 1 2024-09-10T00:00:00 Current version 2024-09-10T00:00:00 2025-01-10T00:00:00 An improper certificate validation vulnerability [CWE-295] in FortiClientWindows, FortiClientMac, FortiClientLinux, FortiClientAndroid and FortiClientiOS SAML SSO feature may allow an unauthenticated attacker to man-in-the-middle the communication between the FortiClient and both the service provider and the identity provider. None Information disclosure Fortinet is pleased to thank Ka Lok WU, Man Hong HUE, Ngai Man POON, Sze Yiu CHAU from the department of Information Engineering, the Chinese University of Hong Kong and Christian Hilgers from indevis for reporting this vulnerability under responsible disclosure. FortiClientAndroid 7.2.0 FortiClientAndroid 7.0.7 FortiClientAndroid 7.0.6 FortiClientAndroid 7.0.3 FortiClientAndroid 7.0.2 FortiClientAndroid 7.0.0 FortiClientAndroid 6.4.6 FortiClientAndroid 6.4.4 FortiClientAndroid 6.4.1 FortiClientAndroid 6.0.0 FortiClientAndroid 5.6.0 FortiClientAndroid 5.4.2 FortiClientAndroid 5.4.1 FortiClientAndroid 5.4.0 FortiClientAndroid 5.2.8 FortiClientAndroid 5.2.7 FortiClientAndroid 5.2.6 FortiClientAndroid 5.2.5 FortiClientAndroid 5.2.4 FortiClientAndroid 5.2.3 FortiClientAndroid 5.2.2 FortiClientAndroid 5.2.1 FortiClientAndroid 5.2.0 FortiClientAndroid 5.0.3 FortiClientAndroid 5.0.2 FortiClientAndroid 5.0.1 FortiClientAndroid 5.0.0 FortiClientLinux 7.2.4 FortiClientLinux 7.2.3 FortiClientLinux 7.2.2 FortiClientLinux 7.2.1 FortiClientLinux 7.2.0 FortiClientLinux 7.0.13 FortiClientLinux 7.0.12 FortiClientLinux 7.0.11 FortiClientLinux 7.0.10 FortiClientLinux 7.0.9 FortiClientLinux 7.0.8 FortiClientLinux 7.0.7 FortiClientLinux 7.0.6 FortiClientLinux 7.0.5 FortiClientLinux 7.0.4 FortiClientLinux 7.0.3 FortiClientLinux 7.0.2 FortiClientLinux 7.0.1 FortiClientLinux 7.0.0 FortiClientLinux 6.4.9 FortiClientLinux 6.4.8 FortiClientLinux 6.4.7 FortiClientLinux 6.4.4 FortiClientLinux 6.4.3 FortiClientLinux 6.4.2 FortiClientLinux 6.4.1 FortiClientLinux 6.4.0 FortiClientMac 7.2.4 FortiClientMac 7.2.3 FortiClientMac 7.2.2 FortiClientMac 7.2.1 FortiClientMac 7.2.0 FortiClientMac 7.0.14 FortiClientMac 7.0.13 FortiClientMac 7.0.12 FortiClientMac 7.0.11 FortiClientMac 7.0.10 FortiClientMac 7.0.9 FortiClientMac 7.0.8 FortiClientMac 7.0.7 FortiClientMac 7.0.6 FortiClientMac 7.0.5 FortiClientMac 7.0.4 FortiClientMac 7.0.3 FortiClientMac 7.0.2 FortiClientMac 7.0.1 FortiClientMac 7.0.0 FortiClientMac 6.4.10 FortiClientMac 6.4.9 FortiClientMac 6.4.8 FortiClientMac 6.4.7 FortiClientMac 6.4.6 FortiClientMac 6.4.5 FortiClientMac 6.4.4 FortiClientMac 6.4.3 FortiClientMac 6.4.2 FortiClientMac 6.4.1 FortiClientMac 6.4.0 FortiClientWindows 7.0.7 FortiClientWindows 7.0.6 FortiClientWindows 7.0.5 FortiClientWindows 7.0.4 FortiClientWindows 7.0.3 FortiClientWindows 7.0.2 FortiClientWindows 7.0.1 FortiClientWindows 7.0.0 FortiClientWindows 6.4.10 FortiClientWindows 6.4.9 FortiClientWindows 6.4.8 FortiClientWindows 6.4.7 FortiClientWindows 6.4.6 FortiClientWindows 6.4.5 FortiClientWindows 6.4.4 FortiClientWindows 6.4.3 FortiClientWindows 6.4.2 FortiClientWindows 6.4.1 FortiClientWindows 6.4.0 FortiClientiOS 7.0.6 FortiClientiOS 7.0.5 FortiClientiOS 7.0.4 FortiClientiOS 7.0.3 FortiClientiOS 7.0.1 FortiClientiOS 7.0.0 FortiClientiOS 6.0.1 FortiClientiOS 6.0.0 FortiClientiOS 5.6.6 FortiClientiOS 5.6.5 FortiClientiOS 5.6.1 FortiClientiOS 5.6.0 FortiClientiOS 5.4.4 FortiClientiOS 5.4.3 FortiClientiOS 5.4.1 FortiClientiOS 5.4.0 FortiClientiOS 5.2.3 FortiClientiOS 5.2.2 FortiClientiOS 5.2.1 FortiClientiOS 5.2.0 FortiClientiOS 5.0.3 FortiClientiOS 5.0.2 FortiClientiOS 5.0.1 FortiClientiOS 5.0.0 FortiClientiOS 4.0.2 FortiClientiOS 4.0.1 FortiClientiOS 4.0.0 FortiClientiOS 2.0.1 FortiClientiOS 2.0.0 FortiClient(All) - Lack of client-side certificate validation using SAML SSO CVE-2022-45856 FortiClientAndroid-7.2.0 FortiClientAndroid-7.0.7 FortiClientAndroid-7.0.6 FortiClientAndroid-7.0.3 FortiClientAndroid-7.0.2 FortiClientAndroid-7.0.0 FortiClientAndroid-6.4.6 FortiClientAndroid-6.4.4 FortiClientAndroid-6.4.1 FortiClientAndroid-6.0.0 FortiClientAndroid-5.6.0 FortiClientAndroid-5.4.2 FortiClientAndroid-5.4.1 FortiClientAndroid-5.4.0 FortiClientAndroid-5.2.8 FortiClientAndroid-5.2.7 FortiClientAndroid-5.2.6 FortiClientAndroid-5.2.5 FortiClientAndroid-5.2.4 FortiClientAndroid-5.2.3 FortiClientAndroid-5.2.2 FortiClientAndroid-5.2.1 FortiClientAndroid-5.2.0 FortiClientAndroid-5.0.3 FortiClientAndroid-5.0.2 FortiClientAndroid-5.0.1 FortiClientAndroid-5.0.0 FortiClientLinux-7.2.4 FortiClientLinux-7.2.3 FortiClientLinux-7.2.2 FortiClientLinux-7.2.1 FortiClientLinux-7.2.0 FortiClientLinux-7.0.13 FortiClientLinux-7.0.12 FortiClientLinux-7.0.11 FortiClientLinux-7.0.10 FortiClientLinux-7.0.9 FortiClientLinux-7.0.8 FortiClientLinux-7.0.7 FortiClientLinux-7.0.6 FortiClientLinux-7.0.5 FortiClientLinux-7.0.4 FortiClientLinux-7.0.3 FortiClientLinux-7.0.2 FortiClientLinux-7.0.1 FortiClientLinux-7.0.0 FortiClientLinux-6.4.9 FortiClientLinux-6.4.8 FortiClientLinux-6.4.7 FortiClientLinux-6.4.4 FortiClientLinux-6.4.3 FortiClientLinux-6.4.2 FortiClientLinux-6.4.1 FortiClientLinux-6.4.0 FortiClientMac-7.2.4 FortiClientMac-7.2.3 FortiClientMac-7.2.2 FortiClientMac-7.2.1 FortiClientMac-7.2.0 FortiClientMac-7.0.14 FortiClientMac-7.0.13 FortiClientMac-7.0.12 FortiClientMac-7.0.11 FortiClientMac-7.0.10 FortiClientMac-7.0.9 FortiClientMac-7.0.8 FortiClientMac-7.0.7 FortiClientMac-7.0.6 FortiClientMac-7.0.5 FortiClientMac-7.0.4 FortiClientMac-7.0.3 FortiClientMac-7.0.2 FortiClientMac-7.0.1 FortiClientMac-7.0.0 FortiClientMac-6.4.10 FortiClientMac-6.4.9 FortiClientMac-6.4.8 FortiClientMac-6.4.7 FortiClientMac-6.4.6 FortiClientMac-6.4.5 FortiClientMac-6.4.4 FortiClientMac-6.4.3 FortiClientMac-6.4.2 FortiClientMac-6.4.1 FortiClientMac-6.4.0 FortiClientWindows-7.0.7 FortiClientWindows-7.0.6 FortiClientWindows-7.0.5 FortiClientWindows-7.0.4 FortiClientWindows-7.0.3 FortiClientWindows-7.0.2 FortiClientWindows-7.0.1 FortiClientWindows-7.0.0 FortiClientWindows-6.4.10 FortiClientWindows-6.4.9 FortiClientWindows-6.4.8 FortiClientWindows-6.4.7 FortiClientWindows-6.4.6 FortiClientWindows-6.4.5 FortiClientWindows-6.4.4 FortiClientWindows-6.4.3 FortiClientWindows-6.4.2 FortiClientWindows-6.4.1 FortiClientWindows-6.4.0 FortiClientiOS-7.0.6 FortiClientiOS-7.0.5 FortiClientiOS-7.0.4 FortiClientiOS-7.0.3 FortiClientiOS-7.0.1 FortiClientiOS-7.0.0 FortiClientiOS-6.0.1 FortiClientiOS-6.0.0 FortiClientiOS-5.6.6 FortiClientiOS-5.6.5 FortiClientiOS-5.6.1 FortiClientiOS-5.6.0 FortiClientiOS-5.4.4 FortiClientiOS-5.4.3 FortiClientiOS-5.4.1 FortiClientiOS-5.4.0 FortiClientiOS-5.2.3 FortiClientiOS-5.2.2 FortiClientiOS-5.2.1 FortiClientiOS-5.2.0 FortiClientiOS-5.0.3 FortiClientiOS-5.0.2 FortiClientiOS-5.0.1 FortiClientiOS-5.0.0 FortiClientiOS-4.0.2 FortiClientiOS-4.0.1 FortiClientiOS-4.0.0 FortiClientiOS-2.0.1 FortiClientiOS-2.0.0 4.6 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:N/E:P/RL:U/RC:C https://fortiguard.fortinet.com/psirt/FG-IR-22-230 FortiClient(All) - Lack of client-side certificate validation using SAML SSO Reference>