Fortinet Passwords Leaked

Overview

Fortinet have updated their advisory for CVE-2018-13379 to acknowledge the publication of 87,000 stolen credentials. These are believed to have been collected in the same way as a previous leak of 50,000 passwords for the same devices.

Impact

FortiGate users who were previously vulnerable to this exploit may have had their credentials leaked.

Vulnerability Detection

The leaked data is historic, so even devices that have since been patched may have credentials in it.

Affected Products

FortiOS 6.0 – 6.0.0 to 6.0.4

FortiOS 5.6 – 5.6.3 to 5.6.7

FortiOS 5.4 – 5.4.6 to 5.4.12

Containment, Mitigations & Remediations

FortiGates support MFA, which would prevent a malicious actor from logging in with stolen credentials. Impacted companies may wish to review their wider exposure to risk, as IP addresses and usernames are exposed. This may facilitate separate targeting of accounts or individuals that are now known to have a level of privilege within the organisation.
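
The following Python is added here as an example and is not taken from the advisory or from Fortinet. It triages a device inventory against the affected ranges listed above, counting a device as exposed if it runs, or has ever run, an affected build, since patched devices may still appear in the leaked data. The inventory fields (`name`, `current`, `history`, `mfa`), the sample devices and the wording of the actions are assumptions.

```python
# Affected FortiOS ranges as listed in this advisory (inclusive bounds).
AFFECTED = [
    ((6, 0, 0), (6, 0, 4)),
    ((5, 6, 3), (5, 6, 7)),
    ((5, 4, 6), (5, 4, 12)),
]

def parse_version(text):
    """'5.4.12' or 'v6.0.4' -> (5, 4, 12), so comparison is numeric, not lexical."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised FortiOS version: {text!r}")
    return tuple(int(p) for p in parts)

def is_affected(text):
    """True if the version falls inside any affected range."""
    v = parse_version(text)
    return any(lo <= v <= hi for lo, hi in AFFECTED)

def triage(device):
    """Return (status, actions) for one inventory record (hypothetical layout)."""
    now = is_affected(device["current"])
    # Historic exposure matters: a patched device may still be in the leak.
    before = any(is_affected(v) for v in device.get("history", []))
    if not now and not before:
        return "not affected", []
    actions = ["treat VPN credentials as exposed"]
    if now:
        actions.insert(0, "upgrade FortiOS")
    if not device.get("mfa", False):
        actions.append("enable MFA")
    return ("vulnerable" if now else "patched, previously exposed"), actions

# Constructed sample inventory; device names and versions are made up.
INVENTORY = [
    {"name": "fw-edge-01", "current": "5.6.5", "history": [], "mfa": True},
    {"name": "fw-edge-02", "current": "6.0.9", "history": ["6.0.3"], "mfa": False},
    {"name": "fw-branch-03", "current": "5.4.13", "history": ["5.4.12"], "mfa": True},
    {"name": "fw-lab-04", "current": "6.2.3", "history": ["6.2.0"], "mfa": False},
]

if __name__ == "__main__":
    for dev in INVENTORY:
        status, actions = triage(dev)
        print(f"{dev['name']}: {status}; {', '.join(actions) or 'no action'}")
```

Comparing the versions as strings would place 5.4.12 before 5.4.6 and miss the last affected 5.4 build, which is why each version is parsed into a tuple of integers first.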

MITRE Methodologies

T1190 – Exploit Public-Facing Application
T1110.004 – Credential Stuffing

Further Information

FortiOS system file leak through SSL VPN via specially crafted HTTP resource requests

Attacking SSL VPN – Part 2: Breaking the Fortigate SSL VPN