FortiClient VulnerabilityOpenSSL CVE-2020-7042 Certificate Validation Bypass Vulnerability
Description
An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. tunnel.c mishandles certificate validation because the hostname check operates on uninitialized memory. The outcome is that a valid certificate is never accepted (only a malformed certificate may be accepted).
Affected Applications
OpenSSL
CVE References
CVE-2020-7042Other References
https://www.openssl.org/news/vulnerabilities.html| ID | 73668 |
| Created | Nov 03, 2022 |
| Description Updated |
Dec 18, 2023 |
| Risk |
|
| Coverage | FortiClient |
| OS | Windows |
| Vendor | OpenSSL |
| Patch | manual |
| Application | OpenSSL |