Fortinet's VPN, which can be used to hide identity information on the internet, raises serious security concerns because of a bug in its software.
A design flaw in Fortinet VPN servers hides successfully verified login information during brute-force attacks and misleads security teams. Because of this bug, only failed attempts are recorded, allowing attackers to verify successful logins without being noticed.
Successful Logins Are Not Recorded in Logs
Fortinet VPN servers use a two-step process for login: authentication and authorization. Security researchers discovered that successful logins are logged only during the authorization phase, while unsuccessful logins are logged during the authentication phase.
Attackers can prevent successful logins from being recorded by stopping the process at the authentication stage. After analyzing the interactions between the client and the server using the Burp Suite tool, the researchers found that the server's HTTPS response contained a "ret=1" value indicating valid login information. When the process is stopped at this stage, successful logins are not logged.
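A log-review sketch for the gap described above, added here as an example and not taken from Pentera or Fortinet: because a validated password leaves no success record, it treats every account targeted in a failure burst as possibly exposed and flags later successful logins for those accounts from a previously unseen address. The key=value layout, the `action` values and the sample lines are constructed assumptions, not a real FortiGate export.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample events; field names and action values are assumptions.
SAMPLE_LOG = """\
time=2024-11-20T09:00:00 action=tunnel-up user=alice remip=198.51.100.10
time=2024-11-20T10:00:01 action=ssl-login-fail user=alice remip=203.0.113.5
time=2024-11-20T10:00:02 action=ssl-login-fail user=alice remip=203.0.113.5
time=2024-11-20T10:00:03 action=ssl-login-fail user=bob remip=203.0.113.5
time=2024-11-20T10:00:04 action=ssl-login-fail user=bob remip=203.0.113.5
time=2024-11-20T10:00:05 action=ssl-login-fail user=carol remip=203.0.113.5
time=2024-11-20T10:01:00 action=ssl-login-fail user=dave remip=198.51.100.77
time=2024-11-20T11:00:00 action=tunnel-up user=alice remip=198.51.100.10
time=2024-11-20T12:00:00 action=tunnel-up user=bob remip=192.0.2.44
"""
FAIL, SUCCESS = "ssl-login-fail", "tunnel-up"

def parse(line):
    """Turn one key=value log line into a dict with a parsed timestamp."""
    event = dict(re.findall(r"(\w+)=(\S+)", line))
    event["time"] = datetime.fromisoformat(event["time"])
    return event

def analyze(log_text, threshold=5):
    """Return (accounts possibly exposed, later logins from unseen addresses)."""
    events = sorted((parse(l) for l in log_text.splitlines() if l.strip()),
                    key=lambda e: e["time"])
    fails_by_ip = defaultdict(list)
    for e in events:
        if e["action"] == FAIL:
            fails_by_ip[e["remip"]].append(e)
    # Only failures are logged during a guessing run, so every account a
    # noisy source touched counts as possibly exposed, success record or not.
    last_targeted = {}
    for burst in fails_by_ip.values():
        if len(burst) >= threshold:
            for e in burst:
                last_targeted[e["user"]] = max(last_targeted.get(e["user"], e["time"]), e["time"])
    seen_ips = defaultdict(set)  # addresses each user has logged in from so far
    findings = []
    for e in events:
        if e["action"] != SUCCESS:
            continue
        user, ip = e["user"], e["remip"]
        if user in last_targeted and e["time"] > last_targeted[user] and ip not in seen_ips[user]:
            findings.append((user, ip))
        seen_ips[user].add(ip)
    return sorted(last_targeted), findings

if __name__ == "__main__":
    print(analyze(SAMPLE_LOG))
```

The first list is the set of accounts whose passwords should be rotated; the second is the set of sessions to review first.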
Fortinet Didn’t Count This as a Security Vulnerability
Although Pentera reported this bug to Fortinet, the company did not consider it a security vulnerability. So at this point it's unclear whether Fortinet has a plan to fix this issue. Pentera, on the other hand, published a script that exploits this design error and emphasized that organizations should review their VPN security measures.
Source link: https://www.tamindir.com/haber/fortinet-vpn-tasarim-hatasi-brute-force-ataklarini-engelledi_91516/