An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL before 1.0.2. tunnel.c mishandles certificate validation because hostname comparisons do not consider '\0' characters, as demonstrated by a good.example.com\0evil.example.com attack.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
27/02/2020
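The comparison flaw described above, shown next to a stricter check. This is an added example, not code from openfortivpn's tunnel.c; the `cert_name` type, the function names and the sample inputs are hypothetical and constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>

/* A certificate name as ASN.1 stores it: bytes plus an explicit length, so
 * '\0' can appear inside. Hypothetical type for this example. */
struct cert_name { const unsigned char *data; size_t len; };

/* Flawed pattern: a C-string comparison stops at the first '\0', so the
 * bytes after it are never examined. */
static int name_matches_naive(const struct cert_name *cn, const char *host)
{
    return strcasecmp((const char *)cn->data, host) == 0;
}

/* Hardened: reject embedded '\0', then compare over the full length. */
static int name_matches_strict(const struct cert_name *cn, const char *host)
{
    size_t host_len = strlen(host);

    if (memchr(cn->data, '\0', cn->len) != NULL)
        return 0;
    if (cn->len != host_len)
        return 0;
    return strncasecmp((const char *)cn->data, host, host_len) == 0;
}

/* Constructed samples; sizeof - 1 drops only the literal's terminator. */
static const unsigned char NUL_NAME[] = "good.example.com\0evil.example.com";
static const unsigned char PLAIN_NAME[] = "good.example.com";
static const struct cert_name nul_cn = { NUL_NAME, sizeof NUL_NAME - 1 };
static const struct cert_name plain_cn = { PLAIN_NAME, sizeof PLAIN_NAME - 1 };

int main(void)
{
    const char *host = "good.example.com";

    printf("naive:  nul-name=%d plain-name=%d\n",
           name_matches_naive(&nul_cn, host), name_matches_naive(&plain_cn, host));
    printf("strict: nul-name=%d plain-name=%d\n",
           name_matches_strict(&nul_cn, host), name_matches_strict(&plain_cn, host));
    return 0;
}
```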