FortiClient VPN Client Password Disclosure Vulnerability

Last Update Date: 3 May 2013 12:17 Release Date: 3 May 2013 4344 Views

RISK: Medium Risk

Medium Risk

TYPE: Security software and application - Security Software & Appliance

TYPE: Security Software & Appliance

A vulnerability has been identified in FortiClient VPN Client, which can be exploited by remote user to obtain the target user's VPN password. A remote user that can conduct a man-in-the-middle attack and cause the VPN client to connect to a proxy server can obtain the target user's VPN password. The VPN client correctly detects that the SSL certificate is not correct but sends the target user's VPN password before warning the target user of the incorrect SSL certificate.

Impact

  • Information Disclosure

System / Technologies affected

  • FortiClient prior to 4.3 patch 11

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • Update to FortiClient 4.3 patch 11

Vulnerability Identifier

  • No CVE information is available

Source

Related Link

Share with

Previous

Cisco Prime Central for Hosted Collaboration Solution Multiple Vulnerabilities

3 May 2013 4016 Views

Next

IBM WebSphere Message Broker Java Multiple Vulnerabilities

6 May 2013 4083 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY