Fortigate Advisory

Security researchers have confirmed that installations of Fortigate VPN solutions with default settings allows an attacker to present a valid SSL certificate and carry out man-in-the-middle attacks on user connections. A successful attacker can extract a user’s password which may lead to severe data exposure. Fortigate HIGHLY recommends that network and security administrators acquire a signed certificate for their installation. The Administration Guide can be found here.