FortiClient prior to 4.3.5.472 on Windows, prior to 4.0.3.134 on Mac OS X, and prior to 4.0 on Android; FortiClient Lite prior to 4.3.4.461 on Windows; FortiClient Lite 2.0 up to and including 2.0.0223 on Android; and FortiClient SSL VPN prior to 4.0.2258 on Linux proceed with an SSL session after determining that the server's X.509 certificate is invalid. This allows man-in-the-middle attackers to obtain sensitive information, because the password is transmitted before the user is warned about the certificate problem.
Vulnerable Product |
---|
fortinet forticlient |
fortinet forticlient_lite |
fortinet forticlient_ssl_vpn |