Fortinet Passwords Leaked
Overview
Fortinet have updated their advisory for CVE-2018-13379 to acknowledge the publication of 87,000 stolen credentials. These are believed to have been collected in the same way as a previous leak of 50,000 passwords for the same devices.
Impact
FortiGate users who were previously vulnerable to this exploit may have had their credentials leaked.
Vulnerability Detection
This is historic data, so even devices that have since been patched may have credentials in the leak.
Affected Products
FortiOS 6.0 – 6.0.0 to 6.0.4
FortiOS 5.6 – 5.6.3 to 5.6.7
FortiOS 5.4 – 5.4.6 to 5.4.12
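The version ranges above can be turned into an inventory triage check. The following is an added example, not part of the original advisory or any Fortinet tooling. It separates devices that are running an affected release from devices that ran one in the past and so may still have credentials in the historic data. The inventory layout, device names and status labels are assumptions constructed for illustration.

```python
import re

# Ranges copied from the "Affected Products" list (inclusive bounds).
AFFECTED_RANGES = [
    ((6, 0, 0), (6, 0, 4)),
    ((5, 6, 3), (5, 6, 7)),
    ((5, 4, 6), (5, 4, 12)),
]

def parse_version(text):
    """Extract (major, minor, patch) from strings such as 'v6.0.4' or '5.4.12 build1234'."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no FortiOS version found in {text!r}")
    return tuple(int(part) for part in m.groups())

def is_affected(version_text):
    # Integer tuples compare numerically, so 5.4.12 sorts after 5.4.6;
    # comparing the raw strings would get this wrong.
    v = parse_version(version_text)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)

def triage(inventory):
    """Map each device to a status, given its version history (oldest first)."""
    result = {}
    for device, history in inventory.items():
        if not history:
            result[device] = "unknown"
        elif is_affected(history[-1]):
            result[device] = "running-affected"
        elif any(is_affected(v) for v in history):
            # Upgraded since, but credentials in use at the time may be in the leak.
            result[device] = "previously-affected"
        else:
            result[device] = "never-affected"
    return result

# Constructed sample inventory (hypothetical device names and histories).
SAMPLE_INVENTORY = {
    "fw-edge-01": ["5.4.12", "6.0.9"],
    "fw-edge-02": ["FortiOS v6.0.4 build0231"],
    "fw-branch-03": ["6.2.3"],
    "fw-lab-04": ["5.4.5", "5.4.13"],
    "fw-spare-05": [],
}

if __name__ == "__main__":
    for name, status in triage(SAMPLE_INVENTORY).items():
        print(f"{name}: {status}")
```

Devices reported as previously-affected are the ones the Vulnerability Detection note refers to: upgraded since, but with accounts that may appear in the historic data.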
Containment, Mitigations & Remediations
FortiGates support MFA, which would prevent a malicious actor from logging in with stolen credentials. Impacted companies may wish to review their wider exposure to risk, as IP addresses and usernames are exposed. This may facilitate separate targeting of accounts or individuals that are now known to have a level of privilege within the organisation.
MITRE Methodologies
– T1190 – Exploit Public-Facing Application
– T1110.004 – Credential Stuffing
Further Information
FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests