Good news ! Hackbusters community is waiting for you !
KnowBe4 has been running the HackBusters site for a few years now, providing you with trending IT security news. We are expanding it and have launched a new exciting online community! The forum is divided into four main topics or categories: Social Engineering, Ransomware, Phishing and Security Awareness Training. You are invited to be one of the first to join us at:

Fortinet's FortiClient Product Exposed VPN Credentials

Updates released by Fortinet for its FortiClient product patch a serious information disclosure vulnerability that can be exploited to obtain VPN authentication credentials.

FortiClient is a next-generation endpoint protection product that includes web filtering, application firewall, vulnerability assessment, anti-malware, and SSL and IPsec VPN features for desktop and mobile systems running Windows, macOS, Linux, Android and iOS.

Researchers at SEC Consult have discovered a couple of issues that can be exploited to access VPN authentication credentials associated with the product.

One of the problems is related to the fact that the VPN credentials are stored in a configuration file (on Linux and macOS) and in the registry (on Windows) – locations that are easily accessible.

The second issue is that while the credentials are stored in an encrypted form, the decryption key is hardcoded in the application and it’s the same across all installations. An attacker can easily find...(continued)

View All Trending Stories