FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem.
History
21 Nov 2024, 01:56
Type | Values Removed | Values Added |
---|---|---|
References | () http://archives.neohapsis.com/archives/fulldisclosure/2013-05/0001.html - | |
References | () http://objectif-securite.ch/forticlient_bulletin.php - | |
References | () http://www.fortiguard.com/advisory/Potential-Man-In-The-Middle-Vulnerability-in-FortiClient-VPN/ - | |
References | () http://www.securityfocus.com/bid/59604 - | |
Information
Published : 2013-06-25 14:38
Updated : 2024-11-21 01:56
NVD link : CVE-2013-4669
Mitre link : CVE-2013-4669
CVE.ORG link : CVE-2013-4669
Products Affected
fortinet
- forticlient_ssl_vpn
- forticlient
- forticlient_lite
- android
microsoft
- windows
linux
- linux_kernel
apple
- mac_os_x