PSIRT Advisory

RSA-CRT key leak under certain conditions

Summary

FortiOS now includes for all SSL libraries a countermeasure against Lenstra's fault
attack on RSA-CRT optimization when a RSA signature is corrupted.

Impact

Man in the middle

Affected Products

FortiGate with the SSLVPN web portal feature configured.

Solutions

Upgrade to FortiOS 5.0.13 / 5.2.6 / 5.4.0
 
As a workaround the SSLVPN web portal can be disabled