Fortinet VPN Client Exposes VPN Creds, Palo Alto Firewalls Allow Remote Attacks

Solarquest

It's been a bad week for two of the world's biggest vendors of enterprise hardware and software — Fortinet and Palo Alto Networks.

Both companies fixed security issues this week affecting some of their most popular products, with some bugs being quite intrusive and dangerous.

FortiClient exposes VPN credentials
The worst of the bunch is a credentials leak affecting Fortinet's FortiClient, an antivirus product provided by Fortinet for both home and enterprise-level clients.

FortiClient, which is available for Linux, Mac, and Windows, also includes a VPN client, which the company claims provides "secure, reliable access to corporate networks and applications from virtually any internet-connected remote location."

Researchers from SEC Consult said in an advisory released this week that they've discovered a security issue that allows attackers to extract credentials for this VPN client.

According to researchers, the FortiClient software stores VPN credentials in a local file on each computer, which is encrypted with a key to prevent easy access to the data. SEC Consult says this key is the same for all users and it's stored by default in the FortiClient binary itself. The key can easily be extracted and used to decrypt and access the VPN credentials.

The vulnerability (CVE-2017-14184) affects FortiClient 5.6.0 and earlier on Windows and Mac, and FortiClient 4.4.2334 and earlier on Linux. Fortinet issued updates a few weeks back.

Palo Alto Networks firewalls vulnerable to root-level RCE
...
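
Added example, not part of the original post and not Fortinet's or SEC Consult's code: a sketch of why the credential storage described in the FortiClient section gives no protection when every install shares one embedded key, next to a per-user key. The key value, the keystore secret and the HMAC-based cipher (a standard-library stand-in for an AEAD such as AES-GCM) are assumptions for illustration.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a key compiled into every copy of a client binary.
EMBEDDED_KEY = bytes.fromhex("000102030405060708090a0b0c0d0e0f")

def _subkey(key: bytes, label: bytes) -> bytes:
    # Separate encryption and MAC keys derived from one master key.
    return hmac.new(key, label, hashlib.sha256).digest()

def _xor_stream(key: bytes, nonce: bytes, data: bytes) -> bytes:
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD (e.g. AES-GCM).
    out = bytearray()
    for i in range(0, len(data), 32):
        pad = hmac.new(key, nonce + (i // 32).to_bytes(4, "big"), hashlib.sha256).digest()
        out.extend(b ^ p for b, p in zip(data[i:i + 32], pad))
    return bytes(out)

def seal(key: bytes, plaintext: bytes) -> bytes:
    nonce = os.urandom(16)
    ct = _xor_stream(_subkey(key, b"enc"), nonce, plaintext)
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + tag + ct

def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, tag, ct = blob[:16], blob[16:48], blob[48:]
    want = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, want):
        raise ValueError("wrong key or modified blob")
    return _xor_stream(_subkey(key, b"enc"), nonce, ct)

def per_user_key(keystore_secret: bytes, salt: bytes) -> bytes:
    # keystore_secret: hypothetical per-user secret that the OS keystore
    # (DPAPI, Keychain, libsecret) releases only inside that user's session.
    return hashlib.pbkdf2_hmac("sha256", keystore_secret, salt, 100_000)

def opens_elsewhere(writer_key: bytes, reader_key: bytes) -> bool:
    """True if a credential blob written by one install decrypts on another."""
    secret = b"constructed-user:constructed-password"
    blob = seal(writer_key, secret)
    try:
        return unseal(reader_key, blob) == secret
    except ValueError:
        return False
```

With the shared key, `opens_elsewhere(EMBEDDED_KEY, EMBEDDED_KEY)` is true for any two installs; with keys from `per_user_key`, a blob copied to another user or machine fails the tag check.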
 
