PT-2013-5120 · Fortinet · Forticlient Lite+2

Published

2013-06-25

·

Updated

2015-11-04

·

CVE-2013-4669

CVSS v2.0

5.4

Medium

Vector AV:N/AC:H/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions

FortiClient versions prior to 4.3.5.472 on Windows
FortiClient versions prior to 4.0.3.134 on Mac OS X
FortiClient versions prior to 4.0 on Android
FortiClient Lite versions prior to 4.3.4.461 on Windows
FortiClient Lite versions 2.0 through 2.0.0223 on Android
FortiClient SSL VPN versions prior to 4.0.2258 on Linux

Description

The affected clients proceed with an SSL session after determining that the server's X.509 certificate is invalid, and they transmit the user's password over that session before the user is shown the certificate warning. A man-in-the-middle attacker who presents an invalid certificate therefore obtains the credentials regardless of how the user later answers the warning.

Recommendations

For FortiClient on Windows, update to version 4.3.5.472 or later.
For FortiClient on Mac OS X, update to version 4.0.3.134 or later.
For FortiClient on Android, update to version 4.0 or later.
For FortiClient Lite on Windows, update to version 4.3.4.461 or later.
For FortiClient Lite on Android, update to a version later than 2.0.0223.
For FortiClient SSL VPN on Linux, update to version 4.0.2258 or later.
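The security-relevant point in the description is purely one of ordering: credentials must never reach the socket until certificate verification has succeeded (or the user has explicitly accepted a failure). The following is an added, constructed model of that ordering and is not FortiClient code; the FakeGateway transport, the LOGIN message format and the names vulnerable_login, hardened_login, strict_client_context and context_is_strict are assumptions made for illustration. The last two functions show the same gating with Python's real ssl module, where a strict context makes the handshake itself fail before any application data can be written.

```python
"""
Constructed model of the ordering bug behind CVE-2013-4669 and of its fix.
Not FortiClient code: transport, message format and function names are
assumptions; only the order of operations mirrors the advisory text.
"""
import ssl
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class FakeGateway:
    """Stand-in for the SSL VPN endpoint. A man-in-the-middle is modelled
    simply as a gateway whose certificate fails validation."""
    cert_valid: bool
    received: List[bytes] = field(default_factory=list)  # application data the peer saw

    def send(self, data: bytes) -> None:
        self.received.append(data)


@dataclass
class LoginResult:
    warned: bool = False            # user was shown a certificate warning
    credentials_sent: bool = False  # password left the client


def vulnerable_login(gw: FakeGateway, user: str, password: str) -> LoginResult:
    """Pre-fix ordering from the advisory: the SSL session is used for the
    password exchange first; the certificate warning comes afterwards."""
    result = LoginResult()
    gw.send(f"LOGIN {user} {password}".encode())  # assumed message format
    result.credentials_sent = True
    if not gw.cert_valid:
        result.warned = True  # too late: a MITM already holds the password
    return result


def hardened_login(gw: FakeGateway, user: str, password: str) -> LoginResult:
    """Fixed ordering: the verification outcome gates every byte of
    application data. On an invalid certificate the user is warned and
    nothing is transmitted."""
    result = LoginResult()
    if not gw.cert_valid:
        result.warned = True
        return result
    gw.send(f"LOGIN {user} {password}".encode())
    result.credentials_sent = True
    return result


def strict_client_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Real-world form of the fix with the standard ssl module: with
    CERT_REQUIRED and check_hostname set, SSLSocket.connect() raises
    SSLCertVerificationError during the handshake, so application code never
    gets a chance to write credentials to an unverified peer."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def context_is_strict(ctx: ssl.SSLContext) -> bool:
    """True when a context can never hand application code an unverified session."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and bool(ctx.check_hostname)


if __name__ == "__main__":
    mitm = FakeGateway(cert_valid=False)
    r = vulnerable_login(mitm, "alice", "hunter2")
    print("vulnerable: warned=%s leaked=%s" % (r.warned, mitm.received))
    mitm = FakeGateway(cert_valid=False)
    r = hardened_login(mitm, "alice", "hunter2")
    print("hardened:   warned=%s leaked=%s" % (r.warned, mitm.received))
    print("strict context:", context_is_strict(strict_client_context()))
```

When reviewing a client of your own, the check to make is the one the model encodes: find every code path that writes to the TLS session and confirm that none is reachable before verification has returned success, rather than relying on a warning dialog shown later.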


Weakness Enumeration

Related Identifiers

CVE-2013-4669

Affected Products

FortiClient
FortiClient Lite
FortiClient SSL VPN