Fortinet FortiClient OpenSSL Security Bypass
Medium Nessus Plugin ID 76535
Synopsis
The remote Windows host is affected by a security bypass vulnerability.
Description
FortiClient, a client-based software solution intended to provide security features for enterprise computers and mobile devices, is installed on the remote Windows host.
The installed FortiClient version uses a vulnerable OpenSSL library that contains a flaw in the handshake process. The flaw could allow an attacker to force the use of weak keying material, which simplifies man-in-the-middle attacks.
Solution
Upgrade to Fortinet FortiClient 5.0.10 / 5.2.0 or later.