DescriptionFREAK is an attack on SSL/TLS, which allows "Man in the Middle" attackers to decipher and alter HTTPS connections between a server supporting "export-grade" cipher suites and a vulnerable client.
It consists in downgrading the connection's encryption from "strong" RSA to "export-grade" RSA, by leveraging a vulnerability (CVE-2015-0204) on the client side.
The "export-grade" encryption is weak enough to be broken by the attacker, who can then decipher and alter the connection.
Impact DetailMitM that could lead to traffic alteration or decryption.
Affected ProductsAffected products:
FortiOS 5.2.2 and earlier allow SSL connections that pass-through the SSLVPN web-mode feature with export-grade ciphers if remote HTTPS end servers are vulnerable to FREAK.
Other FortiOS features are not affected by TLS FREAK.
FortiMail all versions, in its default configuration (see solutions below).
Products confirmed not affected:
Upgrade to FortiOS 5.2.3 / 5.0.11
For FortiOS 4.3.x, 5.0.x, 5.2.0 and 5.2.1, a full workaround consists in enabling strong-crypto:
config system global set strong-crypto enable endFor FortiOS 5.2.2, a workaround for customers using the FortiGate SSL-VPN portal web mode feature should verify the HTTPS websites that are allowed through the bookmarks and connection info widgets.
Bookmarks: Go to VPN > SSL > Portal menu and check HTTPS bookmarks in SSLVPN profiles that offer web mode.
Connection info: Review the destination addresses included in the firewall policies with an SSL-VPN portal in web mode assigned.
If one or more HTTPS websites are not patched against the FREAK vulnerability, Fortinet PSIRT advise customers to disable bookmark or restrict the allowed destination addresses in order to remove access to vulnerable remote web servers.
FortiGate IPS signature
FortiGate can protect SSL connections against the downgrade attack.
Make sure the IPS signature called SSL.RSA.Temporary.Key.Security.Bypass is enabled. It is available in IPS update 5.619.
The following command must be set to prevent weak ciphers to be negotiated on FortiMail with default configuration:
config system globalset strong-crypto enableend