FortiClient(All) - Lack of client-side certificate validation using SAML SSO
Summary
An improper certificate validation vulnerability [CWE-295] in the SAML SSO feature of FortiClientWindows, FortiClientMac, FortiClientLinux, FortiClientAndroid and FortiClientiOS may allow an unauthenticated attacker to perform a man-in-the-middle attack on the communication between the FortiClient and both the service provider and the identity provider. Because the client does not validate the server certificate presented during the SAML SSO exchange, it cannot distinguish the legitimate service provider or identity provider from an interposed host presenting an arbitrary certificate.
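The following is an added illustration of the CWE-295 pattern described above, not Fortinet's code and not a reproduction of the FortiClient flow. It uses a Go HTTP client as a stand-in for the SAML SSO client and an in-process `httptest` TLS server (with its self-signed certificate) as a stand-in for an interposed identity provider; the `/saml/login` and `/saml/sso` paths and the login page body are constructed for the example. It contrasts a client that skips certificate verification (which accepts the untrusted endpoint), a client with normal verification (which rejects it), and the correct fix (shipping the trust anchor rather than disabling verification).

```go
package main

import (
	"crypto/tls"
	"crypto/x509"
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// loginPage is a constructed stand-in for an IdP's SAML login response.
const loginPage = `<html><body><form method="post" action="/saml/sso"></form></body></html>`

// startIdP runs an in-process HTTPS server using httptest's self-signed
// certificate. To a client it looks exactly like a man-in-the-middle that
// presents a certificate the client has no reason to trust.
func startIdP() *httptest.Server {
	return httptest.NewTLSServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.Header().Set("Content-Type", "text/html")
		io.WriteString(w, loginPage)
	}))
}

// weakClient is the CWE-295 pattern: TLS is negotiated, but the peer's
// certificate chain and hostname are never checked.
func weakClient() *http.Client {
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
	}}
}

// hardenedClient verifies the chain against roots (nil = system store) and
// checks the hostname; Go's default tls.Config already does both.
func hardenedClient(roots *x509.CertPool) *http.Client {
	return &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: roots, MinVersion: tls.VersionTLS12},
	}}
}

// fetchLogin performs the first step of an SP-initiated SAML flow: GET the
// IdP's login page. It returns the body, or the transport/TLS error.
func fetchLogin(c *http.Client, url string) (string, error) {
	resp, err := c.Get(url)
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// isCertError reports whether a failed fetch was rejected for a certificate
// validation reason rather than, say, a refused connection.
func isCertError(err error) bool {
	if err == nil {
		return false
	}
	var unknown x509.UnknownAuthorityError
	var hostname x509.HostnameError
	if errors.As(err, &unknown) || errors.As(err, &hostname) {
		return true
	}
	// Older Go releases do not wrap the x509 error through the TLS layer.
	return strings.Contains(err.Error(), "x509:")
}

// Outcome summarises the three client behaviours against the same endpoint.
type Outcome struct {
	WeakAccepted      bool // vulnerable client completed the exchange with the untrusted host
	UntrustedRejected bool // hardened client refused it for a certificate reason
	TrustedAccepted   bool // hardened client succeeded once the CA is among its roots
}

// Run exercises all three clients against one in-process IdP.
func Run() (Outcome, error) {
	idp := startIdP()
	defer idp.Close()
	var out Outcome

	body, err := fetchLogin(weakClient(), idp.URL+"/saml/login")
	out.WeakAccepted = err == nil && strings.Contains(body, "/saml/sso")

	_, err = fetchLogin(hardenedClient(nil), idp.URL+"/saml/login")
	out.UntrustedRejected = isCertError(err)

	// The fix: make the legitimate CA (here, the test server's own cert) a
	// trust anchor of the client instead of disabling verification.
	roots := x509.NewCertPool()
	roots.AddCert(idp.Certificate())
	body, err = fetchLogin(hardenedClient(roots), idp.URL+"/saml/login")
	if err != nil {
		return out, fmt.Errorf("trusted fetch failed: %w", err)
	}
	out.TrustedAccepted = strings.Contains(body, "/saml/sso")
	return out, nil
}

func main() {
	out, err := Run()
	fmt.Printf("%+v err=%v\n", out, err)
}
```

The practical check this encodes is the one to run against any SSO client: point it at an endpoint whose certificate chains to nothing the client should trust (a self-signed certificate, or an interception proxy's CA that is not installed on the host) and confirm the login exchange fails before any SAML request or response is sent. A client that completes the exchange is behaving like `weakClient`, and the remedy is to install the correct trust anchor, never to turn verification off.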
| Version | Affected | Solution |
|---|---|---|
| FortiClientAndroid 7.2 | 7.2.0 | Upgrade to 7.2.1 or above |
| FortiClientAndroid 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiClientAndroid 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiClientAndroid 6.0 | 6.0 all versions | Migrate to a fixed release |
| FortiClientAndroid 5.6 | 5.6 all versions | Migrate to a fixed release |
| FortiClientAndroid 5.4 | 5.4 all versions | Migrate to a fixed release |
| FortiClientAndroid 5.2 | 5.2 all versions | Migrate to a fixed release |
| FortiClientAndroid 5.0 | 5.0 all versions | Migrate to a fixed release |
| FortiClientLinux 7.4 | Not affected | Not Applicable |
| FortiClientLinux 7.2 | 7.2.0 through 7.2.4 | Upgrade to 7.2.5 or above |
| FortiClientLinux 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiClientLinux 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiClientMac 7.4 | Not affected | Not Applicable |
| FortiClientMac 7.2 | 7.2.0 through 7.2.4 | Upgrade to 7.2.5 or above |
| FortiClientMac 7.0 | 7.0 all versions | Migrate to a fixed release |
| FortiClientMac 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiClientWindows 7.2 | Not affected | Not Applicable |
| FortiClientWindows 7.0 | 7.0.0 through 7.0.7 | Upgrade to 7.0.8 or above |
| FortiClientWindows 6.4 | 6.4 all versions | Migrate to a fixed release |
| FortiClientiOS 7.0 | 7.0.3 through 7.0.6 | Upgrade to 7.0.7 or above |
| FortiClientiOS 7.0 | 7.0.0 through 7.0.1 | Upgrade to 7.0.7 or above |
| FortiClientiOS 6.0 | 6.0.0 through 6.0.1 | Migrate to a fixed release |
| FortiClientiOS 5.6 | 5.6 all versions | Migrate to a fixed release |
| FortiClientiOS 5.4 | 5.4 all versions | Migrate to a fixed release |
| FortiClientiOS 5.2 | 5.2 all versions | Migrate to a fixed release |
| FortiClientiOS 5.0 | 5.0 all versions | Migrate to a fixed release |
| FortiClientiOS 4.0 | 4.0 all versions | Migrate to a fixed release |
| FortiClientiOS 2.0 | 2.0 all versions | Migrate to a fixed release |
Acknowledgement
Fortinet is pleased to thank Ka Lok WU, Man Hong HUE, Ngai Man POON, Sze Yiu CHAU from the Department of Information Engineering, the Chinese University of Hong Kong, and Christian Hilgers from indevis for reporting this vulnerability under responsible disclosure.
Timeline
2024-09-10: Initial publication
2025-01-10: Added another reporter