Description
A threat actor known as 'Orange', the administrator of the newly launched RAMP hacking forum and a previous operator of the Babuk ransomware operation, has leaked a list of around 500,000 Fortinet VPN login names and passwords for free on the RAMP hacking forum. The credentials were scraped from devices by exploiting a path traversal vulnerability (CVE-2018-13379). Attackers can use the leaked VPN credentials to access a network to exfiltrate data, install malware, and perform ransomware attacks.
Vulnerabilities:
CVE-2018-13379
Recommendation
Workaround:
It is recommended to reset all VPN user passwords and check logs for possible intrusions.
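One way to do the log check recommended above, as an added example that is not part of the original advisory: it flags successful VPN logins by exposed accounts from source addresses that account never used before a chosen cutoff date. The log lines, account names, cutoff date and the `date`/`time`/`action`/`user`/`remip` field names are constructed assumptions; match them to your own log export.

```python
import re
from collections import defaultdict

# Constructed sample events in key=value form. The field names (date, time,
# action, user, remip) are assumptions; rename them to match your log export.
SAMPLE_LOG = """\
date=2021-08-20 time=09:01:12 subtype="vpn" action="tunnel-up" user="alice" remip=198.51.100.10
date=2021-08-27 time=08:55:02 subtype="vpn" action="tunnel-up" user="bob" remip=198.51.100.22
date=2021-09-09 time=03:14:07 subtype="vpn" action="ssl-login-fail" user="bob" remip=203.0.113.77
date=2021-09-09 time=03:14:30 subtype="vpn" action="tunnel-up" user="bob" remip=203.0.113.77
date=2021-09-10 time=09:00:51 subtype="vpn" action="tunnel-up" user="alice" remip=198.51.100.10
date=2021-09-10 time=22:41:19 subtype="vpn" action="tunnel-up" user="carol" remip=203.0.113.5
"""

KV = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')  # key="quoted value" or key=bare

def parse_line(line):
    """Turn one key=value log line into a dict."""
    return {k: quoted or bare for k, quoted, bare in KV.findall(line)}

def suspicious_logins(log_text, exposed_users, cutoff_date, ok_action="tunnel-up"):
    """Return successful logins on/after cutoff_date (YYYY-MM-DD) made by an
    exposed account from a source IP that account never used before the cutoff."""
    events = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    logins = [e for e in events
              if e.get("action") == ok_action and e.get("user") and e.get("date")]
    baseline = defaultdict(set)  # user -> source IPs seen before the cutoff
    for e in logins:
        if e["date"] < cutoff_date:  # ISO dates compare correctly as strings
            baseline[e["user"]].add(e.get("remip"))
    return [(e["date"], e.get("time", ""), e["user"], e.get("remip"))
            for e in logins
            if e["date"] >= cutoff_date
            and e["user"] in exposed_users
            and e.get("remip") not in baseline[e["user"]]]

if __name__ == "__main__":
    # Constructed inputs: accounts assumed to be in the leak, and a chosen cutoff.
    for hit in suspicious_logins(SAMPLE_LOG, {"alice", "bob"}, "2021-09-01"):
        print("review:", *hit)
```

Addresses seen before the cutoff are treated as known, so choose a cutoff early enough that the baseline itself can be trusted.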
Reference URL:
https://www.bleepingcomputer.com/news/security/hackers-leak-passwords-for-500-000-fortinet-vpn-accounts/
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-13379