"Attacker Releases Credentials for 87,000 FortiGate SSL VPN Devices"

The cybersecurity company Fortinet has revealed that 87,000 sets of credentials for FortiGate SSL VPN devices have been published online. According to the company, the credentials were obtained through the exploitation of CVE-2018-13379, a known security flaw that affects the portal of the FortiOS SSL VPN web tunnel software. The flaw was patched, and a fix, including two-factor authentication, was released in 2019, but the issue has now resurfaced with the release of the stolen credentials online. The systems from which the stolen data was obtained were still unpatched when the attacker scanned the web for vulnerable devices. If the passwords on those FortiOS SSL VPN devices have not changed since the scan, the devices remain vulnerable to compromise. This could also provide an avenue for network attacks, as FortiOS SSL VPN is widely used among enterprise users. Fortinet urges a password reset and an upgrade to protect against this vulnerability. CVE-2018-13379 is a path traversal flaw with a CVSS score of 9.8 that allows unauthenticated attackers to download system files using specially crafted HTTP resource requests. The threat and loss prevention company AdvIntel noted that the stolen credentials were posted on the Groove ransomware group's leak site. The threat actors claimed that the data dump was valid, but this has not been verified. This article continues to discuss the release of credentials for 87,000 FortiGate SSL VPN devices, the known security vulnerability that was exploited to obtain this data, and efforts made to raise awareness about the bug among Fortinet customers.

ZDNet reports "Attacker Releases Credentials for 87,000 FortiGate SSL VPN Devices"

Submitted by Anonymous on