Passwords exposed for almost 50,000 vulnerable Fortinet VPNs

SeriousHoax

A hacker has now leaked the credentials for almost 50,000 vulnerable Fortinet VPNs.


Over the weekend a hacker had posted a list of one-line exploits for CVE-2018-13379 to steal VPN credentials from these devices, as reported by BleepingComputer.


Present on the list of vulnerable targets are IPs belonging to high street banks, telecoms, and government organizations from around the world.


Leaked files expose usernames, passwords, unmasked IPs


The exploitation of critical FortiOS vulnerability CVE-2018-13379 lets an attacker access the sensitive "sslvpn_websession" files from Fortinet VPNs.


These files contain session-related information, but most importantly, may reveal plain text usernames and passwords of Fortinet VPN users.


Today, threat intelligence analyst Bank_Security has found another thread on the hacker forum where a threat actor shared a data dump containing "sslvpn_websession" files for every IP that had been on the list.


As observed by BleepingComputer, these files reveal usernames, passwords, access levels (e.g. "full-access"), and the original unmasked IP addresses of users connected to the VPNs.

Solarquest

"Present on the list of vulnerable targets are IPs belonging to high street banks, telecoms, and government organizations from around the world."
....
"The security of our customers is our first priority. In May 2019 Fortinet issued a PSIRT advisory regarding an SSL vulnerability that was resolved, and have also communicated directly with customers and again via corporate blog posts in August 2019 and July 2020 strongly recommending an upgrade," a Fortinet spokesperson told BleepingComputer.
....

Even after one year... incredible... Any (legal) consequences for the affected companies and organizations?
 