Potential Man-In-The Middle Vulnerability in FortiClient VPN

Summary

Under certain conditions, FortiClient VPN may be susceptible to a certificate validation vulnerability which would allow an attacker to intercept user credentials in a man-in-the-middle attack.

description-logo Description

Under certain conditions, FortiClient VPN may be susceptible to a certificate validation vulnerability which would allow an attacker to intercept user credentials in a man-in-the-middle attack.

Impact Detail

If an attack is successful, full credentials will be revealed and thus full access to the VPN from an outside attacker would be possible.

Affected Products

  • FortiClient Lite 4.3.3.445 for Windows
  • FortiClient 4.3.3.445 for Windows
  • FortiClient 4.0.2 for MacOS
  • FortiClient SSL VPN 4.0.2012 for Linux
  • FortiClient Lite 2.0 for Android

Solutions

Solutions have been available since April 2012. It is recommended to update to a version greater or equal to the following affected product list:
  • FortiClient Lite 4.3.4.461 for Windows
  • FortiClient 4.3.5.472 for Windows
  • FortiClient 4.0.3.134 for MacOS
  • FortiClient SSL VPN 4.0.2258 for Linux
  • FortiClient 4.0 for Android (Replaces FortiClient Lite 2.0)

Acknowledgement

Cédric Tissières and Philippe Oechslin, Objectif Sécurité

References