TLS Certificate Verification Update for FORUM v4.4.0

Description

In a man-in-the-middle (MITM) attack, a malicious actor inserts itself between two entities in a
communication channel in order to read or manipulate the data exchanged. Flaws in the FORUM
version 4.4 TLS implementation, particularly in its certificate verification logic, make such an
attack possible. What this means is that data exchanged between the ZEISS FORUM Server and other
network entities, including the FORUM Viewer, could be read or manipulated by unauthorized actors.

This issue is solely related to cybersecurity and does not compromise the health and safety of the
patient. It also has no impact on the safety and performance of ZEISS FORUM.

Conditions

A man-in-the-middle attack as described above is possible only if

  • FORUM uses CA certificates issued by an organizational or commercial certificate authority
    for TLS connections, and
  • an attacker with network access is able to set up an intercepting entity, and
  • the attacker uses either a TLS certificate issued by the same certificate authority or a self-signed
    certificate with the FORUM Viewer running in low-security mode. In the latter case, the
    user of FORUM Viewer must accept the certificate in the trust-on-first-use (TOFU) dialog.

Affected versions

The vulnerability affects the following FORUM versions:

  • FORUM 4.4.0

Recommended actions

1. Do not use CA certificates

Although self-signed certificates are considered less secure than CA certificates in general, in this
case using a self-signed certificate provides a higher security level. The FORUM Server comes with a
self-signed certificate by default and allows using any other self-signed certificate as well.

2. Carefully check certificates

Whenever manual certificate verification is possible (via a TOFU dialog, for instance), make sure to
carefully check the certificate presented by the FORUM Server. Contact an admin for details.
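The following is an added example written for this note; it is not ZEISS or FORUM code and the
advisory does not describe FORUM's internal verification logic. It illustrates two things at once: why
the Conditions above let a certificate "issued by the same certificate authority" be used by an
intercepting entity (a check that only validates the CA chain accepts every certificate that CA ever
issued), and what "carefully check the certificate" means in a TOFU dialog (compare its SHA-256
fingerprint with the value your administrator gives you). The host names, CA name, certificate
dictionaries and DER byte strings are constructed; the dictionaries follow the shape Python's
`ssl.SSLSocket.getpeercert()` returns. The weak "chain-only" check is an assumption consistent with the
conditions listed, not a statement about the actual FORUM code.

```python
import hashlib
import hmac

# Constructed sample "peer certificates" in the dict shape that Python's
# ssl.SSLSocket.getpeercert() returns. Names, CA and DER bytes are made up
# for this example; nothing here comes from a FORUM deployment.
LEGIT_CERT = {
    "subject": ((("commonName", "forum-server.clinic.example"),),),
    "issuer": ((("commonName", "Clinic Issuing CA"),),),
    "subjectAltName": (("DNS", "forum-server.clinic.example"),),
}
LEGIT_DER = b"constructed-der-bytes-of-the-genuine-server-certificate"

# A second certificate from the SAME CA, as the Conditions section describes:
# the chain validates, but it was issued to a different host.
OTHER_CERT = {
    "subject": ((("commonName", "workstation7.clinic.example"),),),
    "issuer": ((("commonName", "Clinic Issuing CA"),),),
    "subjectAltName": (("DNS", "workstation7.clinic.example"),),
}
OTHER_DER = b"constructed-der-bytes-of-some-other-certificate"

TRUSTED_ISSUERS = {"Clinic Issuing CA"}
EXPECTED_HOST = "forum-server.clinic.example"
# The value an administrator would hand out for the TOFU dialog: the SHA-256
# fingerprint of the genuine server certificate (derived here from the sample).
PINNED_FINGERPRINT = hashlib.sha256(LEGIT_DER).hexdigest()


def rdn_value(cert, field, attr):
    """Return the first value of `attr` (e.g. commonName) in `field` (subject or issuer)."""
    for rdn in cert.get(field, ()):
        for key, value in rdn:
            if key == attr:
                return value
    return None


def match_dns(pattern, hostname):
    """RFC 6125-style DNS-ID match: exact, or a wildcard in the left-most label only."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if pattern == hostname:
        return True
    if not pattern.startswith("*."):
        return False
    rest = pattern[2:].split(".")
    labels = hostname.split(".")
    # The wildcard covers exactly one label and must leave at least two labels after it.
    return len(rest) >= 2 and len(labels) == len(rest) + 1 and labels[1:] == rest


def chain_only_check(cert, trusted_issuers):
    """The weak check (assumed): accept any certificate whose issuer is a trusted CA."""
    return rdn_value(cert, "issuer", "commonName") in trusted_issuers


def identity_check(cert, expected_host):
    """Bind the certificate to the host we intended to reach, via its SAN DNS names."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return any(match_dns(p, expected_host) for p in sans)


def fingerprint_sha256(der_bytes):
    """SHA-256 fingerprint as lowercase hex: the value a user compares in a TOFU dialog."""
    return hashlib.sha256(der_bytes).hexdigest()


def pin_check(der_bytes, expected_fp):
    """Constant-time comparison of the presented fingerprint with the pinned one."""
    expected = expected_fp.replace(":", "").lower()
    return hmac.compare_digest(fingerprint_sha256(der_bytes), expected)


def evaluate(cert, der_bytes, expected_host=EXPECTED_HOST,
             trusted_issuers=TRUSTED_ISSUERS, pinned_fp=PINNED_FINGERPRINT):
    """Run all three checks and report which ones the presented certificate passes."""
    chain = chain_only_check(cert, trusted_issuers)
    identity = identity_check(cert, expected_host)
    pinned = pin_check(der_bytes, pinned_fp)
    return {
        "chain": chain,
        "identity": identity,
        "pinned": pinned,
        # Hardened decision: a CA-issued certificate must also name the expected host;
        # a self-signed deployment instead relies on the pinned fingerprint.
        "accepted": (chain and identity) or pinned,
    }


if __name__ == "__main__":
    for label, cert, der in (("genuine server", LEGIT_CERT, LEGIT_DER),
                             ("other cert, same CA", OTHER_CERT, OTHER_DER)):
        r = evaluate(cert, der)
        print(f"{label:22} chain={r['chain']} identity={r['identity']} "
              f"pinned={r['pinned']} -> accepted={r['accepted']}")
```

Running it shows the point of the advisory's conditions: `chain_only_check` accepts both sample
certificates because both come from the trusted CA, while the identity check and the fingerprint
comparison reject the one that was not issued to the FORUM Server. The fingerprint comparison is
also what makes the self-signed recommendation workable: with only one certificate to trust, a
matching fingerprint in the TOFU dialog is the whole check.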

ZEISS is currently working on a security update to address the weakness and will provide the patch as
soon as possible.