Summary
Under certain conditions, FortiClient VPN may be susceptible to a certificate validation vulnerability which would allow an attacker to intercept user credentials in a man-in-the-middle attack.
Description
Under certain conditions, FortiClient VPN may be susceptible to a certificate validation vulnerability which would allow an attacker to intercept user credentials in a man-in-the-middle attack.
Impact Detail
If an attack succeeds, the user's full VPN credentials are revealed, giving an outside attacker full access to the VPN.
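The advisory does not say which validation step FortiClient skipped, so the following added example (not Fortinet's code) shows the general client-side configuration that prevents this class of credential interception: a TLS client context that requires a trusted certificate chain and a matching hostname, placed beside a deliberately weakened context of the kind that makes a man-in-the-middle attack possible, with an audit function that flags the weak settings. The function names and the `ca_bundle` parameter are assumptions introduced here.

```python
import ssl


def hardened_client_context(ca_bundle=None):
    """Client context a VPN client should use towards its gateway.

    ca_bundle (hypothetical parameter): path to the PEM bundle holding the
    CA that issued the gateway certificate; None falls back to the system
    trust store.
    """
    ctx = ssl.create_default_context(purpose=ssl.Purpose.SERVER_AUTH,
                                     cafile=ca_bundle)
    # Refuse to talk to anything that cannot present a chain rooted in
    # the trust store, and require the certificate to name the gateway.
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def insecure_client_context():
    """Context with certificate validation switched off (the weak case).

    With these settings any certificate, including one minted by an
    attacker sitting on the path, is accepted, so the credentials sent
    over the tunnel can be read by that attacker.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be disabled before verify_mode can be relaxed.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def audit_context(ctx):
    """Return a list of (setting, problem) findings for a client context.

    An empty list means the context enforces chain validation, hostname
    matching and a modern minimum protocol version.
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(("verify_mode",
                         "peer certificate is not required or not verified"))
    if not ctx.check_hostname:
        findings.append(("check_hostname",
                         "certificate is not matched against the gateway name"))
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append(("minimum_version",
                         "protocol versions below TLS 1.2 are allowed"))
    return findings


if __name__ == "__main__":
    for name, ctx in (("hardened", hardened_client_context()),
                      ("insecure", insecure_client_context())):
        print(name, audit_context(ctx) or "no findings")
```

Running the block prints no findings for the hardened context and at least the `verify_mode` and `check_hostname` findings for the weakened one; the `minimum_version` finding depends on the Python version, since newer releases default new contexts to TLS 1.2.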
Affected Products
- FortiClient Lite 4.3.3.445 for Windows
- FortiClient 4.3.3.445 for Windows
- FortiClient 4.0.2 for MacOS
- FortiClient SSL VPN 4.0.2012 for Linux
- FortiClient Lite 2.0 for Android
Solutions
Solutions have been available since April 2012. It is recommended to upgrade to a version greater than or equal to the following fixed versions:
- FortiClient Lite 4.3.4.461 for Windows
- FortiClient 4.3.5.472 for Windows
- FortiClient 4.0.3.134 for MacOS
- FortiClient SSL VPN 4.0.2258 for Linux
- FortiClient 4.0 for Android (Replaces FortiClient Lite 2.0)
Acknowledgement
Cédric Tissières and Philippe Oechslin, Objectif Sécurité