virus logo FortiClient Vulnerability

OpenSSL CVE-2020-7043 Certificate Validation Bypass Vulnerability

description-logoDescription

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider \'\\0\' characters, as demonstrated by a good.example.com\\x00evil.example.com attack.

affected-products-logoAffected Applications

OpenSSL

CVE References

CVE-2020-7043

Other References

https://www.openssl.org/news/vulnerabilities.html
ID 73669
Created Nov 03, 2022
Description
Updated		 Dec 18, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon
Coverage FortiClient
OS Windows
Vendor OpenSSL
Patch manual
Application OpenSSL