Fortinet Reports Leak of Thousands of VPN User Login Credentials
American cybersecurity company Fortinet published a blog post on September 8, 2021 informing the public of the leak of SSL-VPN login credentials for around 87,000 FortiGate devices produced by the company. The leak originated from devices that were still unpatched against the CVE-2018-13379 vulnerability.
The vulnerability in question, which was given a 9+ 'critical' score, was addressed by a security update back in 2019, so this leak stems from systems and devices that were left running significantly outdated software. However, this does not change the fact that the leak is real.
Threatpost further reported that, according to security researchers, an unnamed threat actor has leaked many more login credentials linked to Fortinet VPNs. A team working with security firm Advanced Intel checked the IP addresses associated with the credentials and found they belonged to devices located all over the globe. The biggest chunks of this larger reported credential leak belong to IPs located in India, Taiwan and Italy.
The exploit abused in the unpatched VPNs is well known in the infosec community. In fact, it made the cut as one of the 12 most exploited vulnerabilities even in 2020.
The fact that similarly old, known and long-since patched vulnerabilities still lead to data theft and exploitation by bad actors goes to show how many systems run outdated software, and often outdated firmware as well.
The importance of keeping all your hardware and software updated to the latest possible version, even if you are a home user and not an enterprise network administrator, cannot be overstated. Similar old vulnerabilities can be found in thousands of devices running old versions of their software and give bad actors fertile ground for exploitation years after the developers have patched the issue, simply because thousands of systems remain unpatched.