It's been a bad week for two of the world's biggest vendors of enterprise hardware and software - Fortinet and Palo Alto Networks.

Both companies fixed security issues this week affecting some of their most popular products, with some bugs being quite intrusive and dangerous.

The worst of the bunch is a credentials leak affecting Fortinet's FortiClient, an antivirus product provided by Fortinet for both home and enterprise-level clients.

FortiClient, which is available for Linux, Mac, and Windows, also includes a VPN client, which the company claims provides "secure, reliable access to corporate networks and applications from virtually any internet-connected remote location."

Researchers from SEC Consult said in an advisory released this week that they've discovered a security issue that allows attackers to extract credentials for this VPN client.

According to researchers, the FortiClient software stores VPN credentials in a local file on each computer, which is encrypted with a key to prevent easy access to the data.

SEC Consult says this key is the same for all users and it's stored by default in the FortiClient binary itself. The key can easily be extracted and used to decrypt and access the VPN credentials.

The vulnerability (CVE-2017-14184) affects FortiClient 5.6.0 and earlier on Windows and Mac, and FortiClient and earlier on Linux.

Fortinet issued updates a few weeks back.
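The design flaw described in the article, as an added illustration that is not code from the article, SEC Consult or Fortinet: a credential sealed with one key shipped in every install can be opened anywhere, while a key derived per user and per install cannot. The HMAC-based cipher is a standard-library stand-in for a real AEAD, and every name, key and credential here is constructed.

```python
import hashlib, hmac, os

# Constructed stand-in for a key compiled into every copy of a client binary.
EMBEDDED_KEY = b"constructed-demo-key-identical-in-every-install"

def _keystream(key, nonce, n):
    # HMAC-SHA256 in counter mode: stdlib stand-in for a real AEAD such as AES-GCM.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range((n + 31) // 32))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered blob")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def per_install_key(user_secret, salt):
    # Key material exists only for this user and this install, never in the binary.
    return hashlib.pbkdf2_hmac("sha256", user_secret, salt, 200_000)

def can_open(key, blob):
    try:
        unseal(key, blob)
        return True
    except ValueError:
        return False

def demo():
    cred = b"vpn-user:constructed-password"  # constructed sample credential
    weak_blob = seal(EMBEDDED_KEY, cred)     # same key on every machine
    key_a = per_install_key(b"constructed-secret-user-a", os.urandom(16))
    key_b = per_install_key(b"constructed-secret-user-b", os.urandom(16))
    strong_blob = seal(key_a, cred)
    return {
        "shared_key_opens_on_other_install": can_open(EMBEDDED_KEY, weak_blob),
        "per_install_key_opens_on_other_install": can_open(key_b, strong_blob),
        "per_install_key_opens_for_owner": unseal(key_a, strong_blob) == cred,
    }

if __name__ == "__main__":
    print(demo())
```

In a real client the per-user key would come from the operating system's credential store (DPAPI on Windows, Keychain on macOS, a Secret Service keyring on Linux) rather than a hand-rolled derivation.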