• Megan Haybyrne

Attackers have leaked passwords for 500,000 Fortinet VPN accounts on RAMP hacking forum

Description

A threat actor known as 'Orange,' who is the administrator of the newly launched RAMP hacking forum and a previous operator of the Babuk Ransomware operation has leaked a list of around 500,000 Fortinet VPN login names and passwords on RAMP hacking forum for free, which were scraped from devices by exploiting path traversal (CVE-2018-13379) vulnerability. Attackers can use leaked VPN credentials to access a network to perform data exfiltration, install malware, and perform ransomware attacks.


Vulnerabilities:

CVE-2018-13379



Recommendation

Workaround:

It is recommended to reset all VPN user passwords and check logs for possible intrusions.



Reference URL:

  • https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/

  • https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13379




0 views0 comments