Network security solutions provider Fortinet confirmed that a malicious actor had unauthorizedly disclosed VPN login names and passwords associated with 87,000 FortiGate SSL-VPN devices.

“These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor’s scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable,” the company said in a statement on Wednesday.

The disclosure comes after the threat actor leaked a list of Fortinet credentials for free on a new Russian-speaking forum called RAMP that launched in July 2021 as well as on Groove ransomware’s data leak site, with Advanced Intel noting that the “breach list contains raw access to the top companies” spanning across 74 countries, including India, Taiwan, Italy, France, and Israel. “2,959 out of 22,500 victims are U.S. entities,” the researchers said.

CVE-2018-13379 relates to a path traversal vulnerability in the FortiOS SSL VPN web portal, which allows unauthenticated attackers to read arbitrary system files, including the session file, which contains usernames and passwords stored in plaintext.

Although the bug was rectified in May 2019, the security weakness has been continously exploited by multiple adversaries to deploy an array of malicious payloads on unpatched devices, prompting Fortinet to issue a series of advisories in August 2019, July 2020, April 2021, and again in June 2021, urging customers to upgrade affected appliances.

CVE-2018-13379 also emerged as one of the top most exploited flaws in 2020, according to a list compiled by intelligence agencies in Australia, the U.K., and the U.S. earlier this year.

In light of the leak, Fortinet is recommending companies to immediately disable all VPNs, upgrade the devices to FortiOS 5.4.13, 5.6.14, 6.0.11, or 6.2.8 and above followed by initiating an organization-wide password reset, warning that “you may remain vulnerable post-upgrade if your users’ credentials were previously compromised.”

(Visited 50,013 times, 1 visits today)
You May Also Like

NSA: Steve Jobs is the real Big Brother and iPhone buyers are zombies

Steve Jobs is Big Brother, and all the iPhone-buying public are just…

Dev Sec Ops

What is DevSecOps? DevSecOps is a software development approach that aims to…

Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets

Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight…