Ties De Kock

**Name of the Vulnerable Software and Affected Versions** Fort versions 1.6.4 and earlier, up to but not including 2.0.0 **Description** A validation integrity issue was discovered in the product. RPKI Relying Parties, such as Fort, are supposed to maintain a backup cache of the remote RPKI data, which can be employed as a fallback in case a new fetch fails or yields incorrect files. However, the product currently uses its cache merely as a bandwidth saving tool, because fetching is performed through deltas. If a fetch fails midway or yields incorrect files, there is no viable fallback, leading to incomplete route origin validation data. **Recommendations** For Fort versions 1.6.4 and earlier, up to but not including 2.0.0, update to version 2.0.0 or later to resolve the issue. As a temporary workaround, consider implementing an alternative fallback mechanism for handling incomplete or incorrect RPKI data until a patch is available.