Vigil@nce - FortiOS: Man-in-the-Middle of SSL-VPN
August 2015 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can perform a Man-in-the-Middle on FortiOS, in order
to read or alter TLS session data.
Impacted products: FortiGate, FortiGate Virtual Appliance, FortiOS.
Severity: 1/4.
Creation date: 12/08/2015.
DESCRIPTION OF THE VULNERABILITY
The SSL-VPN feature of the FortiOS product uses the TLS protocol.
However, only the first byte of the MAC of the TLS Handshake
Finished Message is checked.
An attacker can therefore perform a Man-in-the-Middle on FortiOS,
in order to read or alter TLS session data.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/FortiOS-Man-in-the-Middle-of-SSL-VPN-17651