
Authentication Flaw Identified in Fortinet VPN Server

Flaw would enable an attacker to obscure successful login attempts during brute-force attacks.

Researchers at Pentera have identified a design vulnerability in the logging mechanism of the Fortinet VPN server.

The vulnerability would enable an attacker to obscure successful login attempts during brute-force attacks; the issue stems from how the server records the authentication and authorization phases of a login.

According to Bleeping Computer, while failed login attempts are logged during the authentication phase, successful logins are only logged if the process advances to the authorization phase.

Pentera demonstrated a technique that halts the login process after the authentication phase, which allows attackers to confirm valid credentials without a successful-login entry ever being written. Consequently, defenders may detect the failed brute-force attempts but remain unaware that credentials have been compromised.
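The defensive consequence of that logging gap is that a burst of failed logins can no longer be closed out as "no success recorded, so nothing happened". The following added example (not from the article, Pentera or Fortinet) shows a minimal detection routine that groups failed authentication events per source address in a sliding window and, when a burst fires, reports explicitly whether any success was logged instead of assuming the attempt failed. The log format, field names and sample lines are constructed for illustration and are not Fortinet's actual syntax.

```python
"""Brute-force burst detector that treats a missing success record as an
unknown outcome rather than a failure (added example; constructed log format)."""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample log lines, not a real capture. Fields (stage, result,
# user, src) are assumptions for this example, not Fortinet's field names.
# 203.0.113.7 shows only failures: the scenario where a success is never logged.
SAMPLE_LOG = """\
2024-01-10T09:00:01Z auth result=failure user=alice src=203.0.113.7
2024-01-10T09:00:02Z auth result=failure user=alice src=203.0.113.7
2024-01-10T09:00:03Z auth result=failure user=alice src=203.0.113.7
2024-01-10T09:00:04Z auth result=failure user=alice src=203.0.113.7
2024-01-10T09:00:05Z auth result=failure user=alice src=203.0.113.7
2024-01-10T09:00:06Z auth result=failure user=bob src=203.0.113.7
2024-01-10T09:15:00Z auth result=failure user=carol src=198.51.100.2
2024-01-10T09:20:00Z authz result=success user=carol src=198.51.100.2
"""


@dataclass
class Event:
    ts: datetime
    stage: str    # "auth" (authentication) or "authz" (authorization)
    result: str   # "failure" or "success"
    user: str
    src: str


def parse_line(line: str) -> Event:
    """Parse one constructed log line: '<ts> <stage> key=value ...'."""
    ts_str, stage, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    ts = datetime.strptime(ts_str, "%Y-%m-%dT%H:%M:%SZ")
    return Event(ts, stage, kv["result"], kv["user"], kv["src"])


def parse_log(text: str) -> list[Event]:
    return [parse_line(ln) for ln in text.splitlines() if ln.strip()]


def detect_bursts(events: list[Event], threshold: int = 5,
                  window: timedelta = timedelta(minutes=5)) -> list[dict]:
    """Return one alert per source that produced >= threshold failures
    inside any sliding window of the given length."""
    by_src: dict[str, list[Event]] = defaultdict(list)
    for e in events:
        by_src[e.src].append(e)

    alerts = []
    for src, evs in by_src.items():
        failures = sorted((e for e in evs if e.result == "failure"),
                          key=lambda e: e.ts)
        success_logged = any(e.result == "success" for e in evs)

        # Sliding window over the failure timestamps for this source.
        start, fired = 0, False
        for end in range(len(failures)):
            while failures[end].ts - failures[start].ts > window:
                start += 1
            if end - start + 1 >= threshold:
                fired = True
                break
        if not fired:
            continue

        # Key point: no success record is NOT evidence that every guess failed,
        # because a login halted after authentication writes no success entry.
        verdict = ("success recorded; review the session" if success_logged
                   else "outcome unknown; treat tried accounts as possibly compromised")
        alerts.append({
            "src": src,
            "users": sorted({e.user for e in failures}),
            "failures": len(failures),
            "success_logged": success_logged,
            "verdict": verdict,
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_bursts(parse_log(SAMPLE_LOG)):
        print(alert)
```

The useful part for a responder is the `verdict` field: a burst against `alice` and `bob` with no success entry is escalated for credential verification rather than closed as noise, while `carol`, who has a single failure followed by a logged authorization, never reaches the threshold.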

The issue was disclosed to Fortinet, which said it does not classify it as a vulnerability. It remains unclear whether a fix will be implemented. Meanwhile, Pentera has released a script demonstrating the flaw to raise awareness of the risk to Fortinet VPN users.


Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.
