=====================================================================
CERT-Renater Information Note No. 2013/VULN196
_____________________________________________________________________
DATE : 16/05/2013
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running FortiClient, FortiClient Lite,
                       FortiClient SSL VPN.
======================================================================

http://www.fortiguard.com/advisory/Potential-Man-In-The-Middle-Vulnerability-in-FortiClient-VPN/
______________________________________________________________________

Potential Man-In-The-Middle Vulnerability in FortiClient VPN

Under certain conditions, FortiClient VPN may be susceptible to a
certificate validation vulnerability which would allow an attacker to
intercept user credentials in a man-in-the-middle attack.

Impact

If an attack is successful, full credentials will be revealed, and thus
full access to the VPN by an outside attacker would be possible.

Affected Products

  FortiClient Lite 4.3.3.445 for Windows
  FortiClient 4.3.3.445 for Windows
  FortiClient 4.0.2 for MacOS
  FortiClient SSL VPN 4.0.2012 for Linux
  FortiClient Lite 2.0 for Android

Risk

This is a limited scenario: the FortiClient VPN client needs to be
tricked into connecting to a proxy server rather than to the original
firewall.

Solutions

Solutions have been available since April 2012.

It is recommended to update to a version greater than or equal to the
following:

  FortiClient Lite 4.3.4.461 for Windows
  FortiClient 4.3.5.472 for Windows
  FortiClient 4.0.3.134 for MacOS
  FortiClient SSL VPN 4.0.2258 for Linux
  FortiClient 4.0 for Android (replaces FortiClient Lite 2.0)

Acknowledgement

Cédric Tissières and Philippe Oechslin, Objectif Sécurité

References

Neohapsis

======================================================================

=========================================================
CERT-Renater reference server
https://services.renater.fr/ssi/
=========================================================
+ CERT-RENATER         | tel : 01-53-94-20-44           +
+ 23 - 25 Rue Daviel   | fax : 01-53-94-20-41           +
+ 75013 Paris          | email: cert@support.renater.fr +
=========================================================
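The bug class in this note is a TLS client that accepts the certificate of an interposed proxy instead of the gateway it meant to reach. The example below is added here and is not code from the CERT-Renater note, from Fortinet or from FortiClient; it uses the Python ssl module to show the settings a VPN client's TLS context must have for an interposed server to be rejected at the handshake (chain validation, hostname matching, a TLS floor), and an audit function that reports which of those settings would let a proxy impersonate the gateway. The function names, the optional ca_bundle parameter and the "unverified" context used as the flawed counterpart are the example's own assumptions.

```python
# Added example (not part of the CERT-Renater note or of any Fortinet
# product): a TLS client context that validates the gateway it connects
# to, a deliberately unverified context that shows the shape of the flaw,
# and an audit that flags the settings an interposed proxy relies on.
import ssl
from typing import List, Optional


def make_vpn_client_context(ca_bundle: Optional[str] = None) -> ssl.SSLContext:
    """Client context that rejects any server whose certificate does not
    chain to a trusted CA and match the hostname that was dialled.
    ca_bundle (hypothetical parameter) points at a private VPN CA file;
    without it the operating system trust store is used."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # Order matters: verify_mode must not be CERT_NONE when check_hostname
    # is switched on, otherwise the ssl module raises ValueError.
    ctx.verify_mode = ssl.CERT_REQUIRED           # chain must validate
    ctx.check_hostname = True                     # leaf must match dialled name
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # no legacy TLS
    if ca_bundle:
        ctx.load_verify_locations(cafile=ca_bundle)
    else:
        ctx.load_default_certs()
    return ctx


def make_unverified_context() -> ssl.SSLContext:
    """The shape of the flaw: a client that never checks who it talks to.
    Constructed only so the audit below has something to flag."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname = False       # must be switched off first ...
    ctx.verify_mode = ssl.CERT_NONE  # ... before verification can be dropped
    return ctx


def audit_client_context(ctx: ssl.SSLContext) -> List[str]:
    """Return the settings that would let a proxy stand in for the gateway.
    An empty list means the context rejects an interposed server."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("verify_mode is not CERT_REQUIRED: any certificate, "
                        "including an interposed proxy's, is accepted")
    if not ctx.check_hostname:
        findings.append("check_hostname is off: a valid certificate for a "
                        "different hostname is accepted")
    if ctx.minimum_version < ssl.TLSVersion.TLSv1_2:
        findings.append("minimum_version allows TLS versions below 1.2")
    return findings


def harden_context(ctx: ssl.SSLContext) -> ssl.SSLContext:
    """Repair an existing context in place to the settings used above."""
    ctx.verify_mode = ssl.CERT_REQUIRED   # set before check_hostname
    ctx.check_hostname = True
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    if ctx.cert_store_stats()["x509_ca"] == 0:
        ctx.load_default_certs()          # no trust anchors loaded yet
    return ctx


if __name__ == "__main__":
    for name, ctx in (("validating", make_vpn_client_context()),
                      ("unverified", make_unverified_context())):
        print(name, audit_client_context(ctx) or ["no findings"])
```

The audit runs over the context before any connection is made, so it fits a client's startup self-check or a unit test: a context that returns findings is one on which the proxy scenario from the Risk section would succeed, because the handshake completes with whatever certificate the interposed host presents.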