CVE-2020-7042: 
FortiClient VPN vulnerability analysis and mitigation

An issue was discovered in openfortivpn 1.11.0 when used with OpenSSL 1.0.2 or later. The vulnerability (CVE-2020-7042) involves the mishandling of certificate validation in tunnel.c due to the use of uninitialized memory during hostname verification. The issue was discovered in January 2020 and was fixed in version 1.12.0 released in February 2020 (GitHub Commit, NVD).

The vulnerability stems from passing an uninitialized buffer (common_name) as an argument to X509_check_host function, which prevented proper hostname validation when OpenSSL >= 1.0.2 was in use. This issue was introduced in openfortivpn 1.7.1 and remained undetected because the return value was not properly checked. The outcome is that a valid certificate is never accepted, while only malformed certificates might be accepted (GitHub Security Lab).

The vulnerability results in the application never accepting valid certificates, while potentially accepting malformed ones. This behavior could lead to security implications in certificate validation processes, potentially compromising the security of VPN connections (GitHub Security Lab).

The vulnerability was fixed in openfortivpn version 1.12.0. The fix involves properly using the gateway_host variable for certificate validation instead of the uninitialized common_name buffer. Users are advised to upgrade to version 1.12.0 or later (GitHub Commit, OpenSUSE Security).