- Mar 16, 2019
Read the full article hereA hacker has now leaked the credentials for almost 50,000 vulnerable Fortinet VPNs.
Over the weekend a hacker had posted a list of one-line exploits for CVE-2018-13379 to steal VPN credentials from these devices, as reported by BleepingComputer.
Present on the list of vulnerable targets are IPs belonging to high street banks, telecoms, and government organizations from around the world.
Leaked files expose usernames, passwords, unmasked IPs
The exploitation of critical FortiOS vulnerability CVE-2018-13379 lets an attacker access the sensitive "sslvpn_websession" files from Fortinet VPNs.
These files contain session-related information, but most importantly, may reveal plain text usernames and passwords of Fortinet VPN users.
Today, threat intelligence analyst Bank_Security has found another thread on the hacker forum where a threat actor shared a data dump containing "sslvpn_websession" files for every IP that had been on the list.
As observed by BleepingComputer, these files reveal usernames, passwords, access levels (e.g. "full-access"), and the original unmasked IP addresses of users connected to the VPNs.