Forti VPN credentials on sale

Hackers has published a list of credentials for nearly 50,000 Fortinet Inc. FortiGate vpn connected to the internet that can be exploited using a known vulnerability.

The 6.7-gigabyte uncompressed database is being offered on forums by hacking group named pumpedkicks

The vulnerability was uncovered known to be path traversal vulnerability in the FortiOS SSL VPN web portal [that] may allow an unauthenticated attacker to download FortiOS system files through specially crafted HTTP resource requests.”

In July Fortinet warned that APT 29, also known as Cozy Bear were using the vulnerability to target COVID-19 vaccine development in Canada, the U.S. and the U.K.

All Fortinet customers are advised, if they haven’t done so already to immediately upgrade all FortiGate systems to the latest firmware releases and to validate that all SSL-VPN local users are expected, with correct email addresses assigned and to perform a password reset on all users.

The exploitation of the specific CVE allowed an unauthenticated attacker to download system files through uniquely crafted HTTP resource requests. By using special elements such as ‘..’ and ‘/’ separators, attackers can get around the restricted location to access files or directories that are elsewhere on the system.