Vigil@nce - FortiNet FortiGate: Man-in-the-middle via Anonymous Ciphers on FortiManager Service
September 2014 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can act as a man-in-the-middle on the FortiManager
service of FortiNet FortiGate, in order to interact with the
user's session.
– Impacted products: FortiGate, FortiGate Virtual Appliance,
FortiManager, FortiManager Virtual Appliance
– Severity: 2/4
– Creation date: 11/09/2014
DESCRIPTION OF THE VULNERABILITY
The FortiNet FortiGate product offers a FortiManager service over
SSL/TLS.
When an SSL session is established, both parties choose algorithms
matching the requested security level. "Anonymous Cipher"
algorithms establish a session without certificates, so neither
side authenticates the other, which makes them vulnerable to a
man-in-the-middle attack.
However, FortiNet FortiGate allows Anonymous Ciphers.
An attacker can therefore act as a man-in-the-middle on the
FortiManager service of FortiNet FortiGate, in order to interact
with the user's session.
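Added example, not part of the Vigil@nce bulletin: a defender-side check that flags anonymous key-exchange suites in the list of cipher suites a TLS service was observed to offer, covering both IANA and OpenSSL naming. The suite list is constructed sample data and the function names are hypothetical.

```python
import re

# Anonymous (certificate-less) key exchange shows up in suite names as:
#   IANA names:    TLS_DH_anon_WITH_..., TLS_ECDH_anon_WITH_...
#   OpenSSL names: ADH-..., AECDH-... (export variants prefixed EXP-)
_ANON_IANA = re.compile(r"^(?:TLS|SSL)_(?:DH|ECDH)_anon_", re.IGNORECASE)
_ANON_OPENSSL = re.compile(r"^(?:EXP-)?(?:ADH|AECDH)-", re.IGNORECASE)


def is_anonymous_suite(name):
    """Return True if the suite name denotes an anonymous key exchange."""
    name = name.strip()
    return bool(_ANON_IANA.match(name) or _ANON_OPENSSL.match(name))


def audit_offered_suites(suites):
    """Split offered suites into anonymous (unauthenticated) and the rest.

    An endpoint passes only when the 'anonymous' list is empty: a single
    accepted anonymous suite is enough for a peer to be impersonated.
    """
    anonymous = [s.strip() for s in suites if is_anonymous_suite(s)]
    other = [s.strip() for s in suites if s.strip() and not is_anonymous_suite(s)]
    return {"anonymous": anonymous, "other": other, "passed": not anonymous}


# Constructed sample: suites a scanner reported for one endpoint.
CONSTRUCTED_OFFERED = [
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "ADH-AES256-SHA",
    "TLS_DH_anon_WITH_AES_128_CBC_SHA",
    "DHE-RSA-AES256-SHA",
    "AECDH-AES128-SHA",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
]

if __name__ == "__main__":
    report = audit_offered_suites(CONSTRUCTED_OFFERED)
    for suite in report["anonymous"]:
        print("anonymous suite offered:", suite)
    print("PASS" if report["passed"] else "FAIL")
```

Where the server's cipher list is configured as an OpenSSL cipher string, excluding `aNULL` (for example `!aNULL`) removes these suites.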