German security firm G Data has discovered that Fortinet firewalls use weak password hashes to secure backup files.
https://www.gdatasoftware.com/blog/2024/01/37834-passwords-on-a-silver-platter
Tracked as CVE-2024-21754, the vulnerability can be exploited to decrypt backup files and read a device's login credentials.
https://www.fortiguard.com/psirt/FG-IR-23-423
"Those backup files are commonly sent back and forth via email, for review and control purposes."
#infosec #cybersecurity #security
Catalin Cimpanu /
npub1tq…3aefw
2024-06-13 17:49:02
Author Public Key
npub1tqfukrqgh928vktkl6vx063ck2c4yn3ek8m44v3txfhztqe65anq63aefwPublished at
2024-06-13 17:49:02Event JSON
{
"id": "9b7fa4fa1eaf7f3d1dae8155d250fe56a662dff6263d7711a290060415920521",
"pubkey": "5813cb0c08b954765976fe9867ea38b2b1524e39b1f75ab22b326e25833aa766",
"created_at": 1718300942,
"kind": 1,
"tags": [
[
"t",
"infosec"
],
[
"t",
"cybersecurity"
],
[
"t",
"security"
],
[
"proxy",
"https://mastodon.social/users/campuscodi/statuses/112610570595187718",
"activitypub"
]
],
"content": "German security firm G Data has discovered that Fortinet firewalls use weak password hashes to secure backup files.\n\nhttps://www.gdatasoftware.com/blog/2024/01/37834-passwords-on-a-silver-platter\n\nTracked as CVE-2024-21754, the vulnerability can be exploited to decrypt backup files and read a device's login credentials.\n\nhttps://www.fortiguard.com/psirt/FG-IR-23-423\n\n\"Those backup files are commonly sent back and forth via email, for review and control purposes.\"\n\n#infosec #cybersecurity #security",
"sig": "291a60f9d67711be219033b9c019132b0e1e805abbdc4b30d70048fdf7ede7cabb78c8a89183e8e3c888decfdc55b3dd7d26ed4ad50fbacf1d7d3f43c8642259"
}