Its common recommendation & best practice to have 2FA or MFA along with passwords for VPN. Vulnerabilities giving access to VPN credentials Information Disclosure(password files & private keys)Īrbitrary file read vulnerability could allow remote unauthenticated attackers to compromise vulnerable Pulse Secure VPN servers and gain access to all active users and their plain-text credentials, and execute arbitrary commands The attacker able to gain access to all active users and their plain-text credentials.Īttackers could also execute arbitrary commands on each VPN client as it successfully connects to the VPN server.Ĭonfiguration vulnerability may allow an unauthenticated attacker on the same subnet to intercept sensitive information by impersonating the LDAP server, as default configuration does not verify the LDAP server Identity. Many unpatched vulnerabilities form the recent past have allowed an unauthenticated attackers to compromise a vulnerable VPN server. The passwords form both the VPNs Fortigate and Pulse Secure are being compromised using different CVEs. People shifting to remote working has increased the demand for SSL VPNs, also the attack surface + available targets for APT groups and cybercriminals. “What’s most concerning is that even if the vulnerability is patched, the credentials are still at risk for credential stuffing attacks,” he added. The victims of the attacks are include sensitive segments like government agencies, Defense contractors & financial institutions amongst many othersĭigital Journal quoted Vinay Sridhara, CTO of Balbix Inc., “About 50,000 records belonging to banks, telecoms and government organizations were exposed by this data leak, including session-related information and plain-text usernames and passwords of Fortinet VPN users ”.
Large numbers of malware families & malicious actors across the globe are on the spree of exploiting the old unpatched vulnerabilities in Fortinet as well as Zero-day in Pulse Secure VPN. Throughout the March & April month, Federal Bureau of Investigation (FBI), and the Cybersecurity and Infrastructure Security Agent (CISA) has reported numerous incidents where old vulnerabilities in popular VPNs were exploited by organized (or state sponsored) hackers, around the world.
0 kommentar(er)
