News Hackers Hunt For Passwords Within VPNs: - Printable Version +- Red Security (https://redsecurity.info/cc) +-- Forum: General (https://redsecurity.info/cc/forumdisplay.php?fid=1) +--- Forum: News (https://redsecurity.info/cc/forumdisplay.php?fid=4) +--- Thread: News Hackers Hunt For Passwords Within VPNs: (/showthread.php?tid=1238)

Hackers Hunt For Passwords Within VPNs: - Mad-Architect - 08-24-2019                                                                                  Hackers have been reported focusing attacks VPNs, in order to steal encryption keys, passwords, and other sensitive information. The servers that are being focused are ones that have apparently failed to patch two vulnerabilities. These exploits can be taken advantage of when unpatched servers are sent Web requests that contain a special sequence of characters. The two vulnerabilities themselves are within the Fortigate SSL VPN, which was installed on about 480,000 servers, whilst the competing Pulse Secure SSL which was installed on 50,000 machines; this was reported by Devcore Security Consulting.                                                            The situation itself is not worth ignoring, as the vulnerabilities themselves could allow hackers to access organization's networks and acquire passwords, that may or may not be plain text or otherwise encrypted.                     The two companies, Fortiget and Pulse Secure, have urged their users to make sure their systems are patched, apparently this has been happening for months. Anyone who happens to be using these two VPNs should go and check and make sure they are not vulnerable.                                       Original article can be found here [Original author: Dan Goodin:]                  That was the news folks, have a good weekend, and stay safe out there.                   --Mad-Architect