In what’s equally sad and shocking, a hacker has posted an exploit that can be used to steal VPN credentials using a 2018 vulnerability that was publicly disclosed over a year ago.
It is reported that a series of one-line exploits can reveal authentication information from about 50,000 compromisable targets.
According to anonymous threat intelligence analyst Bank_Security, the list includes several banks, many .gov domains from around the world as well as thousands of companies.
Failed by red-tape
The flaw, tracked as CVE-2018-13379, is a path traversal vulnerability in the web portal of Fortinet’s FortiOS SSL VPN devices.
Using a reportedly trivial exploit built from specially crafted HTTP requests, unauthenticated attackers can download the sslvpn_websession files from Fortinet VPNs, which contain login credentials.
The simple mitigation is either to disable the SSL-VPN service on FortiOS devices running an affected version, or to upgrade to a fixed release. Both, it seems, are too much of an ask for the 49,577 targets, which reportedly include over four dozen banking, finance and government organisations of repute.
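Until a device is patched or its SSL-VPN service disabled, defenders can at least spot attempts against it in web logs. The following is an added example (not from the original article or from Fortinet) that flags requests combining a directory-traversal sequence with the sslvpn_websession file name, after URL-decoding to catch encoded variants; the log format and the request paths are constructed for the example and are not a real exploit URL.

```python
import re
from urllib.parse import unquote

# Constructed sample log lines (not real traffic), in an assumed
# simplified "client method path status" format.
SAMPLE_LOG = """\
198.51.100.7 GET /portal/login?lang=en 200
198.51.100.7 GET /portal/page?file=../../../../sslvpn_websession 200
203.0.113.9 GET /portal/page?file=%2e%2e%2f%2e%2e%2fsslvpn_websession 200
203.0.113.9 GET /docs/../index.html 404
192.0.2.44 GET /static/logo.png 200
"""

# A ".." segment followed by a separator or the end of the string.
TRAVERSAL = re.compile(r"\.\.(?:/|$)")
TARGET_FILE = "sslvpn_websession"


def normalise(path: str) -> str:
    """URL-decode repeatedly (defeats double encoding) and unify slashes."""
    prev, cur = None, path
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur.replace("\\", "/")


def classify(line: str):
    """Return an alert dict for a suspicious line, else None."""
    parts = line.split()
    if len(parts) != 4:
        return None
    client, _method, url, status = parts
    decoded = normalise(url)
    has_traversal = bool(TRAVERSAL.search(decoded))
    hits_session_file = TARGET_FILE in decoded
    if not (has_traversal or hits_session_file):
        return None
    # Traversal aimed at the session file that the server answered with
    # 200 is the strongest signal; anything else is worth a look.
    severe = has_traversal and hits_session_file and status == "200"
    return {"client": client, "url": url,
            "severity": "high" if severe else "medium"}


def scan(log_text: str) -> list:
    """Run classify() over every line and collect the alerts in order."""
    return [a for a in map(classify, log_text.splitlines()) if a]


if __name__ == "__main__":
    for alert in scan(SAMPLE_LOG):
        print(alert)
```

A "high" alert on a device that has not been patched is a signal to treat its stored VPN credentials as exposed and rotate them.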
“Unfortunately, companies have a very slow patching process or an uncontrolled perimeter of exposure on the internet, and for this reason, attackers are able to exploit these flaws to compromise companies in all sectors with relative simplicity,” said the anonymous Bank_Security analyst, adding that attackers had been exploiting this vulnerability for a long time.
In fact, the same flaw was reportedly exploited by attackers to break into US government elections support systems last month.
Via: BleepingComputer