855 matches found
CVE-2015-1569
Fortinet FortiClient 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof SSL VPN servers via a crafted certificate...
CVE-2015-1570
Fortinet FortiClient on Android (5.2.3.091) and iOS (5.2.028) is affected by a certificate validation failure in the Endpoint Control protocol, enabling MITM via a crafted certificate. Root cause: the protocol does not validate certificates. Impact: potential server spoofing with partial integrit...
CVE-2015-1569
CVE-2015-1569 affects Fortinet FortiClient 5.2.028 for iOS, where certificate validation is not performed, enabling man-in-the-middle attackers to spoof SSL VPN servers with a crafted certificate. This is the explicit impact described in multiple connected sources; further exploitation details or...
CVE-2015-1570
The Endpoint Control protocol implementation in Fortinet FortiClient 5.2.3.091 for Android and 5.2.028 for iOS does not validate certificates, which makes it easier for man-in-the-middle attackers to spoof servers via a crafted certificate...
CVE-2015-1453
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences...
Hardcoded credentials
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences...
CVE-2015-1453
CVE-2015-1453 affects Fortinet FortiClient for Android 5.2.3.091, where the qm class uses a hardcoded encryption key (FoRtInEt!AnDrOiD). This enables an attacker to decrypt data stored in Shared Preferences and potentially obtain passwords or other sensitive data. The available sources describe t...
CVE-2015-1453
The qm class in Fortinet FortiClient 5.2.3.091 for Android uses a hardcoded encryption key of FoRtInEt!AnDrOiD, which makes it easier for attackers to obtain passwords and possibly other sensitive data by leveraging the key to decrypt data in the Shared Preferences...
Multiple Vulnerabilities in Fortinet FortiClient
Fortinet FortiClient is a unified standard security software agent for PCs and smartphones. Fortinet FortiClient has multiple security vulnerabilities due to the program failing to properly process user-supplied input. This vulnerability could be exploited by an attacker to bypass certain securit...
Fortinet FortiClient Hardcoded Encryption Keys / Broken SSL Validation
Fortinet FortiClient Multiple Vulnerabilities. Affected Versions: Verified on FortiClient iOS v5.2.028 and FortiClient Android 5.2.3.091 PDF:...
Fortinet FortiClient Installed
Binary data forticlientdetect.nbin...
Fortinet FortiClient OpenSSL Security Bypass
FortiClient, a client-based software solution intended to provide security features for enterprise computers and mobile devices, is installed on the remote Windows host. The installed FortiClient version uses a vulnerable OpenSSL library that contains a flaw with the handshake process. The flaw...
CVE-2013-4669
FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the...
Design/Logic Flaw
FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the...
CVE-2013-4669
FortiClient before 4.3.5.472 on Windows, before 4.0.3.134 on Mac OS X, and before 4.0 on Android; FortiClient Lite before 4.3.4.461 on Windows; FortiClient Lite 2.0 through 2.0.0223 on Android; and FortiClient SSL VPN before 4.0.2258 on Linux proceed with an SSL session after determining that the...
CVE-2013-4669
FortiClient and FortiClient Lite proceed with an SSL session after determining that the server’s X.509 certificate is invalid, enabling MITM attackers to obtain sensitive information during password transmission. Affected versions include FortiClient on Windows (<4.3.5.472), Mac OS X (<4.0....
Potential Man-In-The Middle Vulnerability in FortiClient VPN
...
Forticlient VPN Client Credential Interception
We found this one year ago. Although most versions have been patched, we haven't seen any public info on this yet. FORTICLIENT VPN CLIENT CREDENTIAL INTERCEPTION VULNERABILITY. Description: The Fortinet FortiClient VPN client o...
Fortinet FortiClient Crafted VPN Connection Name Handling Local Format String
FortiClient, a client-based software solution intended to provide security features for enterprise computers and mobile devices, is installed on the remote Windows host. The installed version does not properly handle format string specifiers within a VPN connection name. A local user may be able ...
CVE-2009-1262
Format string vulnerability in Fortinet FortiClient 3.0.614, and possibly earlier, allows local users to execute arbitrary code via format string specifiers in the VPN connection name...