Certificate Validation Flaw in Fortinet FortiClient for iOS
CVE-2015-1569

Currently unrated

Key Information:

Vendor: Fortinet
Status: Forticlient
Vendor: CVE Published:; 10 February 2015

Summary

Fortinet FortiClient 5.2.028 for iOS contains a vulnerability that fails to properly validate SSL certificates. This weakness allows attackers to execute man-in-the-middle attacks by spoofing SSL VPN servers through specially crafted certificates, compromising the security of users' connections.

References

http://www.security-assessment.com/files/documents/adviso...

x_refsource_MISC

http://seclists.org/fulldisclosure/2015/Jan/124

mailing-listx_refsource_FULLDISC

Timeline

Vulnerability Reserved
Oct 3, 2022
Vulnerability published
Feb 10, 2015