Old Vulnerability Leads to Compromised Credentials From 87,000 FortiGate VPN Devices

UPDATE (09/10/21): According to this report, nearly 500,000 Fortinet VPN login names and passwords have been leaked, scraped from nearly 13,000 exploitable Fortinet VPN devices last summer.

***

Yesterday, Fortinet confirmed that a malicious actor has disclosed VPN login credentials associated with 87,000 FortiGate SSL-VPN devices.

"These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor's scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable," the company said in a statement on Wednesday.

NWG recommends that anyone using a FortiGate SSL VPN appliance take the following actions:

  • If your device is still vulnerable to this exploit, take the device offline and upgrade the OS immediately
  • Implement two-factor authentication (2FA) for all VPN users
  • If 2FA is already enabled, validate that all authorized VPN users are configured to use 2FA and that 2FA is enforced for all logins to the VPN appliance
  • Assume all VPN user credentials are compromised from the time that the device was vulnerable to this exploit
  • If there is the possibility that a VPN user is still using credentials that were valid from the time your device was vulnerable, force a password reset for those accounts immediately
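
One way to apply the password-reset and 2FA actions above across a user list, as an added example that is not NWG's or Fortinet's code. It assumes a hypothetical CSV inventory with `username`, `password_last_set` and `two_factor` columns (the sample rows are constructed) and an operator-supplied patch date.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample inventory; the column names are hypothetical,
# not a FortiGate export format.
SAMPLE_INVENTORY = """\
username,password_last_set,two_factor
alice,2018-11-02T09:15:00Z,enabled
bob,2019-09-20T14:00:00Z,disabled
carol,,enabled
dave,2021-09-09T08:30:00Z,enabled
"""

# Assumed patch time for this example; use the date your own device was upgraded.
EXAMPLE_PATCHED_AT = datetime(2019, 6, 1, tzinfo=timezone.utc)

def parse_ts(value):
    """Parse an ISO 8601 UTC timestamp; return None when blank or malformed."""
    try:
        parsed = datetime.strptime(value.strip(), "%Y-%m-%dT%H:%M:%SZ")
        return parsed.replace(tzinfo=timezone.utc)
    except (ValueError, AttributeError):
        return None

def triage(inventory_csv, patched_at):
    """Return (username, actions) for every account that needs work.

    A password last set before the device was patched existed while the
    device was vulnerable, so it is treated as compromised. An unknown
    password age fails closed and is treated the same way.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        actions = []
        last_set = parse_ts(row.get("password_last_set"))
        if last_set is None or last_set < patched_at:
            actions.append("force-password-reset")
        if (row.get("two_factor") or "").strip().lower() != "enabled":
            actions.append("enroll-2fa")
        if actions:
            findings.append((row["username"], actions))
    return findings

if __name__ == "__main__":
    for user, actions in triage(SAMPLE_INVENTORY, EXAMPLE_PATCHED_AT):
        print(f"{user}: {', '.join(actions)}")
```
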

For NWG Managed Security customers whose FortiGate SSL VPN device is managed by NWG, your device was upgraded to protect against this vulnerability in 2019. No further action is needed as a result of this event. That said, be on the lookout for unexpected 2FA requests. If users are getting 2FA prompts that they aren't initiating, we suggest that you reset their password.

***

NetWorks Group is an Ethical Hacking and Managed Security Services Provider (MSSP) with practices in Offensive Security, Defensive Security, and Compliance. Founded in 1997, we have over 20 years of experience delivering services that improve security outcomes. Our services are designed to provide you with a clear risk-informed understanding of your security, so that you can invest where it matters. Our unique approach to security not only helps you stay ahead of cyber criminals but also helps you reduce cost and increase efficiency.

For more information about NetWorks Group and our services, please visit www.networksgroup.com or drop us an email at info@networksgroup.com
