Security News > 2024 > November > Fortinet VPN design flaw hides successful brute-force attacks

Fortinet VPN design flaw hides successful brute-force attacks

2024-11-21 14:38

A design flaw in the Fortinet VPN server's logging mechanism can be leveraged to conceal the successful verification of credentials during a brute-force attack without tipping off defenders of compromised logins. [...]

News URL

https://www.bleepingcomputer.com/news/security/fortinet-vpn-design-flaw-hides-successful-brute-force-attacks/

#attack #fortinet #VPN

Related news

CISA says critical Fortinet RCE flaw now exploited in attacks (source)
87,000+ Fortinet devices still open to attack, are yours among them? (CVE-2024-23113) (source)
Week in review: 87k+ Fortinet devices still open to attack, red teaming tool used for EDR evasion (source)
Fortinet warns of new critical FortiManager flaw used in zero-day attacks (source)
Fortinet FortiManager flaw exploited in zero-day attacks (CVE-2024-47575) (source)
Cisco fixes VPN DoS flaw discovered in password spray attacks (source)
New Cisco ASA and FTD features block VPN brute-force password attacks (source)
Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost (source)
Warning: DEEPDATA Malware Exploiting Unpatched Fortinet Flaw to Steal VPN Credentials (source)
Chinese hackers exploit Fortinet VPN zero-day to steal credentials (source)

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Fortinet		169	57	405	185	81	728

CVE is a registered MITRE Corporation trademark and MITRE's CVE website is the authoritative source of CVE content. CWE is a registered MITRE Corporation trademark and MITRE's CWE website is the authoritative source of CWE content.