FortiClient VPN credentials improperly secured

What is going on?

SEC Consult Vulnerability Lab has disclosed a vulnerability in the way Fortinet’s FortiClient products store VPN credentials. Successful exploitation may allow an attacker to retrieve the authentication credentials in plain text.

Why is this important?

According to the security researchers behind the disclosure, the issue is particularly problematic in an enterprise environment, where the VPN is often authenticated against domain accounts. An internal attacker, or one who has gained access to the internal network, could gather all credentials of all other VPN users and gain access to their domain user accounts.

Who does this apply to?

FortiClient for Windows:
5.6.0 and below versions.

FortiClient for Mac OSX:
5.6.0 and below versions.

FortiClient SSLVPN Client for Linux:
4.4.2334 and below versions.

FortiClient Android:
Not Impacted.

FortiClient EMS:
Not Impacted.

FortiClient iOS:
Not Impacted.

What can you do?

In the last week of November, Fortinet released security patches that fix the vulnerability, which is tracked as CVE-2017-14184. All affected systems should be upgraded to at least the following versions:

FortiClient for Windows:
Upgrade to 5.6.1

FortiClient for Mac OSX:
Upgrade to 5.6.1

FortiClient SSLVPN Client for Linux:
Upgrade to 4.4.2335 released together with FortiOS 5.4.7
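
To find the endpoints that still need this upgrade, the version thresholds above can be checked against a software inventory. The following is an added example, not code from DearBytes or Fortinet; the platform labels, the `host,platform,version` CSV layout and the sample hosts are assumptions made for illustration.

```python
import csv
import io

# First fixed release per product, from the advisory; None = listed as not impacted.
FIXED = {
    "windows": (5, 6, 1), "mac": (5, 6, 1), "linux-sslvpn": (4, 4, 2335),
    "android": None, "ems": None, "ios": None,
}

def parse_version(text):
    """Turn '5.6.0' into (5, 6, 0); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def classify(platform, version):
    """Return 'vulnerable', 'fixed', 'not-impacted' or 'unknown'."""
    key = platform.strip().lower()
    if key not in FIXED:
        return "unknown"
    fixed = FIXED[key]
    if fixed is None:
        return "not-impacted"
    try:
        found = parse_version(version)
    except ValueError:
        return "unknown"  # never report an unreadable version as patched
    # Pad both tuples so that '5.6' compares as 5.6.0.
    width = max(len(found), len(fixed))
    found += (0,) * (width - len(found))
    fixed += (0,) * (width - len(fixed))
    return "vulnerable" if found < fixed else "fixed"

def triage(inventory_csv):
    """Map each host in a host,platform,version CSV to its classification."""
    rows = csv.DictReader(io.StringIO(inventory_csv))
    return {r["host"]: classify(r["platform"], r["version"]) for r in rows}

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = """host,platform,version
ws-014,windows,5.6.0
ws-015,windows,5.6.1
lnx-07,linux-sslvpn,4.4.2334
tab-01,android,5.4.0
ws-099,windows,n/a
"""
if __name__ == "__main__":
    print("\n".join(f"{h}: {s}" for h, s in triage(SAMPLE).items()))
```

Hosts reported as `unknown` have a version string or platform the check could not interpret and should be verified by hand rather than assumed patched.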

What have DearBytes done?

All endpoint systems running FortiClient that are managed by the DearBytes Managed Services department are at least on version 5.6.1. Managed Services periodically upgrades the systems to stable versions after going through proper verification procedures.

For more information:


 
