Fortinet leaked credentials to fuel more Breaches

Ajit Hatti September 14, 2021 Credential Stealing


In our previous research blog Passwords & MFA Melting VPNS we had explained how vulnerabilities in Fortinet VPN are being exploited to harvest user credentials and bypass MFA implementations. 

The latest update from The Hacker News - 500K FortiGate VPN user credentials are available for free. Many instances of Fortinet VPN whose credentials are out there are not secure even if they have implemented MFA but not patched for CVE-2020-12812.

Self-Propelling Cycle of leaked passwords & breaches

Self-Propelling cycle between leaked passwords & breaches

Old unpatched vulnerabilities of FortiGate SSL-VPN CVE-2018-13379 & CVE-2019-5591 are widely exploited to gain VPN credentials. These stolen Passwords are then shared on the dark web to fuel new breaches. This puts Fortinet in a self-propelling cycle of Passwords leaks & Breaches. 

The Incident

Fortinet through its PSIRT Blog has reported - Malicious Actor Discloses FortiGate SSL-VPN Credentials. Cybercriminals group “Orange” publicly leaked around 500K usernames and passwords of the Fortinet’s FortiGate SSL-VPN users from as many as 74 different countries. 

Worldwide estimated number of affected FortiGate VPNS is approximately 87,000 out of which India has the largest share of leaked credentials (11%) followed by Taiwan (8.45%), Italy (7.96) and then France (6.15%). 

What Enterprises can do?

Passwords are at the root of this unfortunate cycle. As long as enterprise applications & systems are using passwords to authenticate the enterprises will continue to be stuck in this cycle. 

The best solution is to #GoPasswordless with PureAUTH, which provides you with the most resilient yet convenient way to authenticate to FortiGate & other modern VPN’s and keep your enterprise unaffected even in the face of the worst possible credential breach.

Share the post    
Previous Post
All the recent high profile breaches we have seen, have one common root cause – Account takeovers with compromised credentials. Solarwinds incidents is a biggest examples of how simple account takeovers lead to distribution of malicious updates, which then got amplified through the supply chain and affect the entire world. GitHub being the world’s code-repository […]
Everyone understands and acknowledges that passwords are evil and are the biggest risk for enterprises. We have also seen that augmenting passwords with different factors not only makes the authentication process complex and costly but also fails to provide any effective security. Clearly, enterprise must choose to #GoPasswordless. In this blog, we discuss how. Securing […]