Deploying Fortinet VPN with default settings can leave your organization open to attack null
Over 200,000 businesses that have deployed Fortinet VPN with its default configuration could be vulnerable to man-in-the-middle (MitM) attacks according to new research from the network security company SAM Seamless Network.
With more employees working from home than ever before, organizations around the world have turned to VPN services to provide their workers with an easy way to connect to their corporate networks. However, cybercriminals are well aware of this and have begun to look for weakness they can exploit in organization’s VPN configurations.
After closely examining Fortinet’s Fortigate VPN solution, security researchers at SAM seamless network realized that under the default configuration the company’s SSL VPN is not as protected as it should be and is vulnerable to MitM attacks. This is because the Fortigate SSL-VPN client only verifies that the SSL certificate was issued by Fortigate or another trusted certificate authority (CA).
An attacker could take advantage of this to launch MitM attacks by presenting a certificate issued to a different Fortigate router without raising any flags. In just a matter of minutes, the researchers conducted a search and found over 200k vulnerable businesses that were still using Fortinet VPN’s default configuration despite the fact that the company explicitly warns users about using a default built-in certificate.
Default certificate
All Fortigate routers ship with a default SSL certificate that is signed by Fortinet but this certificate can be spoofed by a third-party or even an attacker as long as it’s valid and issued by Fortinet or a trusted CA.
All of the company’s default SSL certificates use a router’s serial number as the server name for the certificate. While the company could use the router’s serial number to check if the server names match, the client appears to not verify the server name at all according to SAM Seamless Network’s research. The researchers even designed a MitM proof of concept (PoC) to show how an attacker can easily re-route the traffic to their server, display their own certificate, and then decrypt an organization’s VPN traffic.
In Fortinet’s defense, the company’s client displays the following warning when a customer uses the default certificate: “You are using a default built-in certificate, which will not be able to verify your server’s domain name (your users will see a warning). It is recommended to purchase a certificate for your domain and upload it for use.”
At the moment, Fortinet has no plans to address this issue as users can manually replace the default certificate on their own to protect their networks from MitM attacks. The company offered further details on the matter in a statement to The Hacker News, which reads:
“The security of our customers is our first priority. This is not a vulnerability. Fortinet VPN appliances are designed to work out-of-the-box for customers so that organizations are enabled to set up their appliance customized to their own unique deployment. Each VPN appliance and the set up process provides multiple clear warnings in the GUI with documentation offering guidance on certificate authentication and sample certificate authentication and configuration examples. Fortinet strongly recommends adhering to its provided installation documentation and process, paying close attention to warnings throughout that process to avoid exposing the organization to risk.”
- We’ve also highlighted the best VPN services
Via The Hacker News
Over 200,000 businesses that have deployed Fortinet VPN with its default configuration could be vulnerable to man-in-the-middle (MitM) attacks according to new research from the network security company SAM Seamless Network. With more employees working from home than ever before, organizations around the world have turned to VPN services to…
Recent Posts
- Microsoft is pushing out Copilot AI to more Windows 11 users – ready or not – and Windows 10 will follow shortly
- Here’s another good reason to dump your desktop for a laptop — boutique content creation specialist finds that laptops perform and cost almost the same as their desktop counterparts
- Quordle today – hints and answers for Saturday, March 23 (game #789)
- Asus’ tiny 2.5-liter gaming NUC tentatively starts at $1,629 in the US
- 33 Best Deals From the Amazon Big Spring Sale (2024)
Archives
- March 2024
- February 2024
- January 2024
- December 2023
- November 2023
- October 2023
- September 2023
- August 2023
- July 2023
- June 2023
- May 2023
- April 2023
- March 2023
- February 2023
- January 2023
- December 2022
- November 2022
- October 2022
- September 2022
- August 2022
- July 2022
- June 2022
- May 2022
- April 2022
- March 2022
- February 2022
- January 2022
- December 2021
- November 2021
- October 2021
- September 2021
- August 2021
- July 2021
- June 2021
- May 2021
- April 2021
- March 2021
- February 2021
- January 2021
- December 2020
- November 2020
- October 2020
- September 2020
- August 2020
- July 2020
- June 2020
- May 2020
- April 2020
- March 2020
- February 2020
- January 2020
- December 2019
- November 2019
- December 2011