4 matches found
CVE-2015-1571
The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the FortinetFactory certificate and...
Design/Logic Flaw
DISPUTED The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the FortinetFactory certificate...
CVE-2015-1571
Fortinet FortiOS 5.0 Patch 7 (build 4457) CAPWAP DTLS uses the same Fortinet_Factory certificate and private key across different customer installations. This configuration could enable an attacker to perform a man‑in‑the‑middle by spoofing SSL servers leveraging the Fortinet_Factory cert. Some s...
CVE-2015-1571
The CAPWAP DTLS protocol implementation in Fortinet FortiOS 5.0 Patch 7 build 4457 uses the same certificate and private key across different customers' installations, which makes it easier for man-in-the-middle attackers to spoof SSL servers by leveraging the FortinetFactory certificate and...