Fortinet VPN Client Exposes VPN Creds, Palo Alto Firewalls Allow Remote Attacks

Solarquest

Moderator
Thread author
Verified
Staff Member
Malware Hunter
Well-known
Jul 22, 2014
2,525
It's been a bad week for two of the world's biggest vendors of enterprise hardware and software — Fortinet and Palo Alto Networks.

Both companies fixed security issues this week affecting some of their most popular products, with some bugs being quite intrusive and dangerous.

FortiClient exposes VPN credentials
The worst of the bunch is a credentials leak affecting Fortinet's FortiClient, an antivirus product provided by Fortinet for both home and enterprise-level clients.

FortiClient, which is available for Linux, Mac, and Windows, also includes a VPN client, which the company claims it provides "secure, reliable access to corporate networks and applications from virtually any internet-connected remote location."

Researchers from SEC Consult said in an advisory released this week that they've discovered a security issue that allows attackers to extract credentials for this VPN client.

According to researchers, the FortiClient software stores VPN credentials in a local file on each computer, which is encrypted with a key to preventing easy access to the data. SEC Consult says this key is the same for all users and it's stored by default in the FortiClient binary itself. The key can easily be extracted and used to decrypt and access the VPN credentials.

The vulnerability (CVE-2017-14184) affects FortiClient 5.6.0 and earlier on Windows and Mac, and FortiClient 4.4.2334 and earlier on Linux. Fortinet has issued updates a few weeks back.

Palo Alto Networks firewalls vulnerable to root-level RCE
...
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top