Full Disclosure mailing list archives
Re: Forticlient VPN client credential interception vulnerability
From: Patrick Webster <patrick () aushack com>
Date: Thu, 2 May 2013 17:54:40 +1000
Reminded me of a bug I found in an EAL4 certified military encryption product. The source code actually says "FIXME - need to add parameter validation." So instead of spending a few minutes adding input sanitisation, the developers just added a reminder that none exists and shipped the product as-is. One of those face slap moments. -Patrick On Wed, May 1, 2013 at 8:36 PM, Thierry Zoller <thierry () zoller lu> wrote:
You got to be kidding me...FORTICLIENT VPN CLIENT CREDENTIAL INTERCEPTION VULNERABILITYWhen the FortiClient VPN client is tricked into connecting to a proxy server rather than to the original firewall (e.g. through ARP or DNS spoofing,) it detects the wrong SSL certificate but it only warns the user _AFTER_ it has already sent the password to the proxy._______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Forticlient VPN client credential interception vulnerability Philippe oechslin (May 01)
- Re: Forticlient VPN client credential interception vulnerability Thierry Zoller (May 01)
- Re: Forticlient VPN client credential interception vulnerability Patrick Webster (May 02)
- Re: Forticlient VPN client credential interception vulnerability Thierry Zoller (May 01)