PSIRT Advisory

CVE-2015-1793 OpenSSL "Alternative Chains Certificate Forgery"


OpenSSL released a security advisory in July 2015 announcing a high-severity vulnerability affecting any application that verifies certificates with OpenSSL.
Under certain conditions, an attacker holding a valid certificate (e.g. a certificate for her personal website, signed by a legitimate Certification Authority) could leverage this vulnerability to act as a CA and "issue" certificates (in other words, sign forged certificates that would then appear legitimate to a vulnerable peer).
OpenSSL notes that this affects SSL clients (when verifying a server's certificate) but also SSL servers when verifying a client's certificate, in the rarer case of client authentication during the SSL handshake.
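As an added illustration (not Fortinet's or OpenSSL's code), this shows the check a correct verifier performs and that this bug lets an attacker bypass: a chain in which an ordinary CA:FALSE certificate is offered as the issuer of another certificate must be rejected. Go's standard-library verifier stands in for OpenSSL; the root, the host names attacker.example and victim.example, and all certificates are constructed in memory for the demonstration.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"math/big"
	"time"
)

// issue builds a certificate for name, signed by parent (self-signed when parent is nil).
// Errors panic: these are throwaway, in-memory test certificates.
func issue(name string, isCA bool, parent *x509.Certificate, signer *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(time.Now().UnixNano()), // constructed serial, not a real one
		Subject:      pkix.Name{CommonName: name},
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		// basicConstraints is present, so the CA flag is explicit: CA:TRUE or CA:FALSE
		BasicConstraintsValid: true, IsCA: isCA,
	}
	if isCA {
		tmpl.KeyUsage = x509.KeyUsageCertSign
	}
	if parent == nil {
		parent, signer = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, signer)
	if err != nil {
		panic(err)
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		panic(err)
	}
	return cert, key
}

// CheckChains reports whether the verifier accepts the legitimate chain (root -> attacker.example)
// and rejects the forged one, in which the CA:FALSE attacker.example certificate is offered as
// the issuer of victim.example, the kind of chain a vulnerable OpenSSL could wrongly accept.
func CheckChains() (legitOK, forgedRejected bool) {
	root, rootKey := issue("Test Root CA", true, nil, nil)
	leaf, leafKey := issue("attacker.example", false, root, rootKey) // valid end-entity certificate
	forged, _ := issue("victim.example", false, leaf, leafKey)          // "issued" by that leaf
	roots, inters := x509.NewCertPool(), x509.NewCertPool()
	roots.AddCert(root)
	inters.AddCert(leaf)
	_, legitErr := leaf.Verify(x509.VerifyOptions{Roots: roots})
	// A correct verifier refuses the second chain: the offered issuer is not a CA.
	_, forgedErr := forged.Verify(x509.VerifyOptions{Roots: roots, Intermediates: inters})
	return legitErr == nil, forgedErr != nil
}
```

A patched OpenSSL applies the same CA-flag check to every alternative chain it builds; a client that accepts the second chain is the vulnerable case the advisory describes.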

Affected Products

Fortinet products themselves are not impacted.


Do not connect to any SSL server (even one that is not itself impacted) from a vulnerable client.