CVE-2013-4669

FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid, which allows man-in-the-middle attackers to obtain sensitive information by leveraging a password transmission that occurs before the user warning about the certificate problem.
Configurations

Configuration 1 (hide)

AND
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 2 (hide)

AND
cpe:2.3:a:fortinet:forticlient_lite:*:*:*:*:*:*:*:*
cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*

Configuration 3 (hide)

AND
cpe:2.3:a:fortinet:forticlient_ssl_vpn:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 4 (hide)

AND
cpe:2.3:a:fortinet:forticlient:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 5 (hide)

AND
cpe:2.3:a:fortinet:forticlient_lite:*:*:*:*:*:*:*:*
cpe:2.3:o:google:android:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2013-06-25 14:38

Updated : 2024-02-04 18:16


NVD link : CVE-2013-4669

Mitre link : CVE-2013-4669

CVE.ORG link : CVE-2013-4669


JSON object : View

Products Affected

fortinet

  • forticlient
  • forticlient_ssl_vpn
  • forticlient_lite

microsoft

  • windows

google

  • android

linux

  • linux_kernel

apple

  • mac_os_x
CWE
CWE-255

Credentials Management Errors

CWE-310

Cryptographic Issues