Admins should change the access data for Fortinet VPNs in use. In various hacker forums there is a list with log-in data for almost 50. 000 VPN systems surfaced.

The archive should be 6.7 GByte in size and partly contain passwords in plain text, reports a security researcher with the pseudonym Bank Security on Twitter. The researcher already warned that an IP list of vulnerable Fortinet VPNs was published. Now the associated access data has appeared. In the data you can also see the respective access rights.

Patching alone is not enough! Background is a ”

critical “vulnerability (CVE – 2018 – 13379) from the year 2019 for which exploit code is currently in circulation. By successfully exploiting the vulnerability, attackers could access sslvpn_webssions files that were actually sealed off. There you will find, among other things, unencrypted user names and passwords.

Patches have been available for around two years. The problem is, due to the leaked access data, even VPNs that have been secured in the meantime are at risk until admins exchange passwords. This should also be done for all online services that use identical passwords.

If this does not happen, attackers could run credential stuffing attacks on VPNs and try out for luck whether entries from the List work and grant them access. According to the security researcher, the majority of the affected IP addresses belong to US government websites. Financial and telecommunications companies are also affected worldwide.

(des)