Hackers Are Actively Trying to Steal Passwords from Two Widely Used VPNs

Hackers Are Actively Trying to Steal Passwords from Two Widely Used VPNs
August 27 10:30 2019 Print This Article

ARS TECHNICA – Dan Goodin, 24 August 2019: Hackers are actively unleashing attacks that attempt to steal encryption keys, passwords, and other sensitive data from servers that have failed to apply critical fixes for two widely used virtual private network (VPN) products, researchers said.

The vulnerabilities can be exploited by sending unpatched servers Web requests that contain a special sequence of characters, researchers at the Black Hat security conference in Las Vegas said earlier this month. The pre-authorization file-reading vulnerabilities resided in the Fortigate SSL VPN, installed on about 480,000 servers, and the competing Pulse Secure SSL VPN, installed on about 50,000 machines, researchers from Devcore Security Consulting reported.

The Devcore researchers discovered other critical vulnerabilities in both products. These make it possible for attackers to, among other things, remotely execute malicious code and change passwords. Patches for the Fortigate VPN became available in May and in April for Pulse Secure. But installing the patches can often cause service disruptions that prevent businesses from carrying out essential tasks.

Internet scans performed over the weekend by security intelligence service Bad Packets show there are 14,528 Pulse Secure VPN endpoints vulnerable to flaw that’s currently being exploited, up from a previous scan that found about 2,658 unpatched servers. The vulnerable servers were found in 121 countries.

Read the full article and additional images HERE