Passwords exposed for almost 50,000 vulnerable Fortinet VPNs (Security News, November 2020)
A hacker has now leaked the credentials for almost 50,000 vulnerable Fortinet VPNs. Over the weekend a hacker had posted a list of one-line exploits for CVE-2018-13379 to steal VPN credentials from these devices, as reported by BleepingComputer.
The exploitation of critical FortiOS vulnerability CVE-2018-13379 lets an attacker access the sensitive "Sslvpn websession" files from Fortinet VPNs. These files contain session-related information, but most importantly, may reveal plain text usernames and passwords of Fortinet VPN users.
The exposure of passwords in these files means that, even if the vulnerable Fortinet VPNs are later patched, these credentials could be reused by anyone with access to the dump in credential stuffing attacks, or to potentially regain access to these VPNs. While the threat actor's motivations for this second, expansive leak aren't clear, BleepingComputer did notice that the newly leaked archive has lists marked "pak" separating out Pakistan-based VPN IPs and the corresponding "Sslvpn websession" files from the larger 49,000+ VPN data set.
"The security of our customers is our first priority. In May 2019 Fortinet issued a PSIRT advisory regarding an SSL vulnerability that was resolved, and have also communicated directly with customers and again via corporate blog posts in August 2019 and July 2020 strongly recommending an upgrade," a Fortinet spokesperson told BleepingComputer.
As a safeguard, Fortinet VPN users should change their passwords immediately, both on the VPN devices and on any other websites where the same credentials were used.
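Because the stolen session files were retrieved with crafted HTTP requests that traverse out of the SSL VPN web portal's directory, the web-server access log is the place to look for whether a device was hit before it was patched. The following detection script is an added example (not code from the article or from Fortinet): it runs over a few constructed Common Log Format lines, percent-decodes each request target repeatedly so single- and double-encoded `../` sequences are caught, flags any request that references the session file, and rates a hit higher when the server answered 2xx (the file was probably served) than when it answered 4xx. The request paths in the sample are illustrative and are not the actual CVE-2018-13379 request.

```python
import re
from urllib.parse import unquote

# Constructed sample access log (not from the article). The paths are
# illustrative, not the real CVE-2018-13379 request; only the traversal
# pattern and the session-file name matter for the detection logic.
SAMPLE_LOG = """\
10.0.0.5 - - [22/Nov/2020:10:01:02 +0000] "GET /portal/resource?name=en HTTP/1.1" 200 5120
198.51.100.7 - - [22/Nov/2020:10:01:09 +0000] "GET /portal/resource?name=../../../../example/sslvpn_websession HTTP/1.1" 200 65536
198.51.100.7 - - [22/Nov/2020:10:01:11 +0000] "GET /portal/resource?name=%2e%2e%2f%2e%2e%2fexample HTTP/1.1" 200 65536
198.51.100.9 - - [22/Nov/2020:10:02:00 +0000] "GET /portal/resource?name=%252e%252e%252fexample HTTP/1.1" 404 210
10.0.0.6 - - [22/Nov/2020:10:03:00 +0000] "POST /portal/logincheck HTTP/1.1" 200 300
"""

# Common Log Format: client ident user [timestamp] "METHOD TARGET PROTO" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+|-)'
)


def decode_fully(target, max_rounds=3):
    """Percent-decode until the string stops changing.

    Returns (decoded, rounds) so the caller can tell that a request was
    double-encoded, a common trick for slipping past naive '../' filters."""
    rounds = 0
    current = target
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
        rounds += 1
    return current, rounds


def classify_request(target):
    """Return the reasons (possibly none) a request target looks suspicious."""
    decoded, rounds = decode_fully(target)
    normalized = decoded.replace("\\", "/")   # treat backslash traversal the same
    reasons = []
    if "../" in normalized:
        reasons.append("traversal")
    if rounds >= 2:
        reasons.append("double-encoded")
    if "websession" in normalized.lower():    # the session file named in the article
        reasons.append("session-file")
    return reasons


def scan_log(text):
    """Scan access-log text and return one finding per suspicious request."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        reasons = classify_request(m["target"])
        if not reasons:
            continue
        # A 2xx answer means the portal most likely served the requested file;
        # a 4xx means the attempt was blocked or the path did not resolve.
        severity = "high" if m["status"].startswith("2") else "medium"
        findings.append({
            "ip": m["ip"], "time": m["ts"], "target": m["target"],
            "status": int(m["status"]), "reasons": reasons, "severity": severity,
        })
    return findings


def count_by_ip(findings):
    """Aggregate findings per client, for blocking and for scoping which
    accounts' credentials must be rotated."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    hits = scan_log(SAMPLE_LOG)
    for f in hits:
        print(f["severity"], f["ip"], f["status"], ",".join(f["reasons"]), f["target"])
    print(count_by_ip(hits))
```

Any "high" finding from before the device was patched should be treated as a confirmed exposure of every credential that was in the session file at the time, which is exactly why the article's advice to rotate passwords applies even after upgrading.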
Related Vulnerability

DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2019-06-04 | CVE-2018-13379 | Path Traversal vulnerability in Fortinet FortiOS and FortiProxy | An Improper Limitation of a Pathname to a Restricted Directory ("Path Traversal") in Fortinet FortiOS 6.0.0 to 6.0.4, 5.6.3 to 5.6.7 and 5.4.6 to 5.4.12, and FortiProxy 2.0.0, 1.2.0 to 1.2.8, 1.1.0 to 1.1.6 and 1.0.0 to 1.0.7, under the SSL VPN web portal allows an unauthenticated attacker to download system files via specially crafted HTTP resource requests. | 9.8 |
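The first practical question for an administrator is whether a given appliance's firmware sits inside the affected ranges listed in the table. The script below is an added example (not from the article or from Fortinet): it encodes the inclusive version ranges from the row above, parses an `x.y.z` version out of either a bare string or a constructed firmware status line (the `Version: FortiGate-... v6.0.4,build0231,190107 (GA)` layout is an assumption about CLI output, not something the page states), and triages a constructed inventory. The table lists only affected versions, not fixed ones, so a version outside these ranges means "not listed here", not "confirmed patched".

```python
import re

# Inclusive affected ranges, transcribed from the advisory table above.
# The table names no fixed releases, so "not affected" here only means
# "not in the listed ranges"; confirm the patched version with the vendor.
AFFECTED = {
    "FortiOS": [((6, 0, 0), (6, 0, 4)),
                ((5, 6, 3), (5, 6, 7)),
                ((5, 4, 6), (5, 4, 12))],
    "FortiProxy": [((2, 0, 0), (2, 0, 0)),
                   ((1, 2, 0), (1, 2, 8)),
                   ((1, 1, 0), (1, 1, 6)),
                   ((1, 0, 0), (1, 0, 7))],
}

VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Return (major, minor, patch) from a bare version such as '6.0.4' or from
    a status line such as 'Version: FortiGate-100D v6.0.4,build0231,190107 (GA)'.
    The status-line layout is an assumption for this example."""
    m = VERSION_RE.search(text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(product, version_text):
    """True when the product/version falls inside one of the listed ranges.
    Tuples compare element-wise, so 5.4.12 correctly sorts after 5.4.6."""
    if product not in AFFECTED:
        raise ValueError(f"unknown product {product!r}")
    v = parse_version(version_text)
    return any(low <= v <= high for low, high in AFFECTED[product])


def triage(inventory):
    """inventory: iterable of (hostname, product, version_text).
    Returns the hostnames that need patching and a credential reset."""
    return [host for host, product, ver in inventory if is_affected(product, ver)]


# Constructed sample inventory (hostnames and versions are made up).
SAMPLE_INVENTORY = [
    ("vpn-hq", "FortiOS", "Version: FortiGate-100D v6.0.4,build0231,190107 (GA)"),
    ("vpn-branch", "FortiOS", "v6.0.5"),
    ("vpn-legacy", "FortiOS", "5.4.12"),
    ("proxy-1", "FortiProxy", "1.2.8"),
    ("proxy-2", "FortiProxy", "1.3.0"),
]

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))  # ['vpn-hq', 'vpn-legacy', 'proxy-1']
```

Devices that come back from `triage` should be patched and then have every SSL VPN account's password rotated, since the article notes the leaked credentials remain usable against a patched device until they are changed.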