Nearly 87,000 username and password combinations for FortiGate SSL-VPN devices have been compromised by threat actors, according to Fortinet. A list of the usernames and passwords was subsequently leaked for free on RAMP, a relatively new Russian-language cybercrime forum, as well as on the leak site for Groove ransomware. In a statement, a Fortinet spokesperson said “These credentials were obtained from systems that remained unpatched against CVE-2018-13379 at the time of the actor’s scan. While they may have since been patched, if the passwords were not reset, they remain vulnerable.” CVE-2018-13379 essentially allows unauthorized parties to see usernames and passwords stored in plaintext by viewing the session file. It may come as a surprise that a vulnerability from 2018 is still making waves today, but Fortinet has been sending out advisories since August of 2019, and in 2020 it was one of the most exploited vulnerabilities out there.