"POODLE has friends" vulnerability

ID FG-IR-15-016
Type fortinet
Reporter FortiGuard Labs
Modified 2015-07-15T00:00:00


The SSL-VPN feature of FortiOS 4.3.12 and lower only checks the first byte of the TLS MAC in the finished message. An attacker may intercept encrypted packets in transit and modifying their contents by changing the middle or the end of the MAC field in the TLS finished message.