Fortinet FortiGate VPN Credentials Leaked Online

Published on 09 Sep 2021

Updated on 13 Sep 2021

This is an update to the alert.

Fortinet has published handbooks to harden the FortiGate for FortiOS 5.6, 6.0, 6.2 and 6.4. Please refer to the respective handbooks below:

FortiOS 5.6:

FortiOS 6.0:

FortiOS 6.2:

FortiOS 6.4:


Original alert published on 9 Sep 2021 below:

Approximately 500,000 Fortinet FortiGate VPN login credentials were leaked on a hacking forum, according to reports. The exposure of the credentials could allow an attacker to access a network to perform malicious activities such as data exfiltration, malware installation, and ransomware attacks.

Administrators of Fortinet VPN are advised to perform the following measures:
Ensure that the products are patched to the latest versions immediately. If administrators are unable to do so immediately, disable the VPN feature.
Perform a forced reset of all users' passwords, and set new strong passwords immediately.
Consider enabling two-factor authentication (2FA) to secure the VPN accounts, using external authentication services where possible.
Check the FortiGate appliance's Audit Event log and VPN Event Log for signs of unauthorised or unusual logins, such as logins using valid credentials but from an abnormal overseas IP address, or logins at an unusual time of day.
Monitor the network for any suspicious activities such as possible intrusion attempts.
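
The log check advised above can be scripted over exported VPN event logs. The following is an added example, not code from Fortinet or from this alert: it flags successful VPN logins that come from outside expected networks or outside normal hours. The key=value field names (`subtype`, `action`, `user`, `remip`, `time`), the sample lines, the network allowlist (standing in for a geolocation lookup) and the working hours are all assumptions to be matched to your own logs.

```python
import ipaddress
import re
from datetime import time

# Assumptions, site-specific: networks and hours users normally log in from.
EXPECTED_NETS = [ipaddress.ip_network("198.51.100.0/24")]
WORK_START, WORK_END = time(7, 0), time(20, 0)

# Constructed sample lines; the key=value field names are assumed.
SAMPLE_LOG = """\
date=2021-09-08 time=09:14:02 type="event" subtype="vpn" action="tunnel-up" user="alice" remip=198.51.100.23
date=2021-09-08 time=03:41:55 type="event" subtype="vpn" action="tunnel-up" user="bob" remip=203.0.113.77
date=2021-09-08 time=10:02:10 type="event" subtype="vpn" action="ssl-login-fail" user="carol" remip=203.0.113.9
date=2021-09-08 time=02:05:31 type="event" subtype="vpn" action="tunnel-up" user="alice" remip=198.51.100.23
date=2021-09-08 time=11:30:00 type="event" subtype="vpn" action="tunnel-up" user="dave"
"""

PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')

def parse_line(line):
    # Quoted values keep their inner text; unquoted values are taken as-is.
    return {k: (q if raw.startswith('"') else raw) for k, raw, q in PAIR.findall(line)}

def review_logins(log_text):
    """Return (user, remip, time, reasons) for successful VPN logins needing review."""
    findings = []
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("subtype") != "vpn" or f.get("action") != "tunnel-up":
            continue  # leaked credentials are valid, so look at successful logins
        reasons = []
        try:
            ip = ipaddress.ip_address(f.get("remip", ""))
            if not any(ip in net for net in EXPECTED_NETS):
                reasons.append("unexpected source")
        except ValueError:
            reasons.append("unparseable source")  # missing or malformed address
        try:
            if not WORK_START <= time.fromisoformat(f.get("time", "")) <= WORK_END:
                reasons.append("unusual time")
        except ValueError:
            reasons.append("unparseable time")
        if reasons:
            findings.append((f.get("user", "?"), f.get("remip", "?"), f.get("time", "?"), reasons))
    return findings

if __name__ == "__main__":
    for finding in review_logins(SAMPLE_LOG):
        print(finding)
```

A flagged login is a lead for review, not proof of compromise; confirm with the account owner before acting on it.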

More information is available here: