Threat Intelligence, Network Security

Design flaw in Fortinet VPN server lets attackers hide logins

Share
Credit: Adobe Stock Images

Researchers at Pentera have identified a design vulnerability in the logging mechanism of the Fortinet VPN server that enables attackers to obscure successful login attempts during brute-force attacks, BleepingComputer reports.

The issue stems from how the server records authentication and authorization processes. While failed login attempts are logged during the authentication phase, successful logins are only logged if the process advances to the authorization phase.

Using tools like Burp, Pentera demonstrated a technique to halt the login process after the authentication phase. This method allows attackers to confirm valid credentials without triggering logs of successful login attempts. Consequently, defenders may detect failed brute-force attempts but remain unaware of compromised credentials. Such credentials could be exploited later or sold to other threat actors.

Pentera disclosed the issue to Fortinet, but the company reportedly does not classify it as a vulnerability. It remains unclear if a fix will be implemented. Meanwhile, Pentera has released a script demonstrating the flaw, raising awareness of the potential risks to Fortinet VPN users.

An In-Depth Guide to Network Security

Get essential knowledge and practical strategies to fortify your network security.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds