Fortinet VPN Client Exposes VPN Creds, Palo Alto Firewalls Allow Remote Attacks

Solarquest

It's been a bad week for two of the world's biggest vendors of enterprise hardware and software — Fortinet and Palo Alto Networks.

Both companies fixed security issues this week affecting some of their most popular products, with some bugs being quite intrusive and dangerous.

FortiClient exposes VPN credentials
The worst of the bunch is a credentials leak affecting Fortinet's FortiClient, an antivirus product provided by Fortinet for both home and enterprise-level clients.

FortiClient, which is available for Linux, Mac, and Windows, also includes a VPN client, which the company claims provides "secure, reliable access to corporate networks and applications from virtually any internet-connected remote location."

Researchers from SEC Consult said in an advisory released this week that they've discovered a security issue that allows attackers to extract credentials for this VPN client.

According to researchers, the FortiClient software stores VPN credentials in a local file on each computer, which is encrypted with a key to prevent easy access to the data. SEC Consult says this key is the same for all users and it's stored by default in the FortiClient binary itself. The key can easily be extracted and used to decrypt and access the VPN credentials.

The vulnerability (CVE-2017-14184) affects FortiClient 5.6.0 and earlier on Windows and Mac, and FortiClient 4.4.2334 and earlier on Linux. Fortinet issued updates a few weeks back.

Palo Alto Networks firewalls vulnerable to root-level RCE
...