CVE-2013-4669

FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:fortinet:forticlient_lite:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:fortinet:forticlient_ssl_vpn:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:fortinet:forticlient_lite:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

History

21 Nov 2024, 01:56

Type Values Removed Values Added
References () http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0001.html - () http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0001.html -
References () http://objectif-securite.ch/forticlient_bulletin.php - () http://objectif-securite.ch/forticlient_bulletin.php -
References () http://www.fortiguard.com/advisory/Potential-Man-In-The-Middle-Vulnerability-in-FortiClient-VPN/ - () http://www.fortiguard.com/advisory/Potential-Man-In-The-Middle-Vulnerability-in-FortiClient-VPN/ -
References () http://www.securityfocus.com/bid/59604 - () http://www.securityfocus.com/bid/59604 -

Information

Published : 2013-06-25 14:38

Updated : 2024-11-21 01:56


NVD link : CVE-2013-4669

Mitre link : CVE-2013-4669

CVE.ORG link : CVE-2013-4669


JSON object : View

Products Affected

fortinet

  • forticlient_ssl_vpn
  • forticlient
  • forticlient_lite

google

  • android

microsoft

  • windows

linux

  • linux_kernel

apple

  • mac_os_x
CWE
CWE-255

Credentials Management Errors

CWE-310

Cryptographic Issues