Flaw would enable an attacker to obscure successful login attempts during brute-force attacks.
Researchers at Pentera have identified a design vulnerability in the logging mechanism of the Fortinet VPN server.
The issue, which would enable an attacker to obscure successful login attempts during brute-force attacks, stems from how the server records the authentication and authorization processes.
According to Bleeping Computer, while failed login attempts are logged during the authentication phase, successful logins are only logged if the process advances to the authorization phase.
Pentera demonstrated a technique to halt the login process after the authentication phase, which allows attackers to confirm valid credentials without triggering logs of successful login attempts. Consequently, defenders may detect failed brute-force attempts but remain unaware of compromised credentials.
The issue was disclosed to Fortinet, which said it does not classify it as a vulnerability. It remains unclear whether a fix will be implemented. Meanwhile, Pentera has released a script demonstrating the flaw to raise awareness of the potential risks to Fortinet VPN users.
Written by
Dan Raywood
Senior Editor
SC Media UK
Dan Raywood is a B2B journalist with more than 20 years of experience, including covering cybersecurity for the past 16 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.
He has spoken at events including 44CON, Infosecurity Europe, RANT Conference, BSides Scotland, Steelcon and ESET Security Days.
Outside work, Dan enjoys supporting Tottenham Hotspur, managing mischievous cats, and sampling craft beers.