Fortinet VPN Client Exposes VPN Creds, Palo Alto Firewalls Allow Remote Attacks

Discussion in 'Security News' started by Solarquest, Dec 14, 2017.

  1. Solarquest

    Solarquest Moderator
    Staff Member AV Tester

    Jul 22, 2014
    It's been a bad week for two of the world's biggest vendors of enterprise hardware and software — Fortinet and Palo Alto Networks.

    Both companies fixed security issues this week affecting some of their most popular products, with some bugs being quite intrusive and dangerous.

    FortiClient exposes VPN credentials
    The worst of the bunch is a credentials leak affecting Fortinet's FortiClient, an antivirus product provided by Fortinet for both home and enterprise-level clients.

    FortiClient, which is available for Linux, Mac, and Windows, also includes a VPN client, which the company claims it provides "secure, reliable access to corporate networks and applications from virtually any internet-connected remote location."

    Researchers from SEC Consult said in an advisory released this week that they've discovered a security issue that allows attackers to extract credentials for this VPN client.

    According to researchers, the FortiClient software stores VPN credentials in a local file on each computer, which is encrypted with a key to preventing easy access to the data. SEC Consult says this key is the same for all users and it's stored by default in the FortiClient binary itself. The key can easily be extracted and used to decrypt and access the VPN credentials.

    The vulnerability (CVE-2017-14184) affects FortiClient 5.6.0 and earlier on Windows and Mac, and FortiClient 4.4.2334 and earlier on Linux. Fortinet has issued updates a few weeks back.

    Palo Alto Networks firewalls vulnerable to root-level RCE
Similar Threads Forum Date
Q&A Fortinet issues IPS Signature to block Meltdown and Spectre at the gateway. General Security Discussions Jan 8, 2018
Q&A Take the (free) Network Security Expert Program from Fortinet and earn a certificate General Security Discussions Nov 30, 2017
Mobile malware on the increase says Fortinet Security News Jun 13, 2017