Credentials for 50 thousand Fortinet VPN devices published online


Last weekend, exploits for a vulnerability in Fortinet VPN devices (CVE-2018-13379) were posted on a hacker forum, along with the IP addresses of about 50,000 vulnerable devices belonging to major banks, telecommunications companies and government organizations around the world. At the time, the cybercriminal who published them claimed that he also had the credentials for these vulnerable devices, and he has now made them publicly available.

Successfully exploiting a vulnerability in FortiOS allows access to the sensitive sslvpn_websession file on a Fortinet VPN device. The file contains session-related information and, more importantly, unencrypted usernames and passwords.

A security analyst using the pseudonym Bank_Security discovered another thread on a hacker forum, in which a cybercriminal published a data dump containing sslvpn_websession files for each previously published IP address. The files reveal the names, passwords, access levels, and original IP addresses of users connecting to the VPN. The data was published on the forum as a 36 MB RAR archive, but once unpacked the files exceed 7 GB.

It is unclear why the cybercriminal needed to publish the credentials after the IP addresses. Interestingly, the archive contains a separate list of IP addresses and corresponding sslvpn_websession files of vulnerable VPN devices located in Pakistan. The archive has already been copied and published on a number of other forums.
