
"The vulnerability makes it possible to bypass two-factor authentication on VPN connections, despite a patch having been available since 2020. The vulnerability CVE-2020-12812 affects the SSL VPN component of FortiOS, the operating system that runs on Fortinet devices such as firewalls and VPN systems. Attackers can bypass the enabled 2FA for a VPN account by changing the username. The problem occurs when 2FA is enabled in the "user local" setting and a remote authentication method is configured for this user."
"In 2021, the FBI, the US Cybersecurity and Infrastructure Security Agency (CISA), the Australian Cyber Security Centre (ACSC), and the UK National Cyber Security Centre (NCSC) warned of abuse of the security vulnerability. This was despite the fact that patches had been available for over a year at that point."
FortiOS contains a critical SSL VPN vulnerability, CVE-2020-12812, that enables attackers to bypass two-factor authentication by changing the username when 2FA is enabled in the "user local" setting and a remote authentication method is configured for that user. The flaw was scored 9.8, and patches were released on July 13, 2020. In 2021, multiple agencies, including the FBI, CISA, ACSC and NCSC, warned of abuse despite patches being available. Fortinet reports continued active exploitation, noting that attacks target LDAP configurations, and urges organizations that have not yet applied the update to patch affected systems.
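As an added illustration, constructed for this page and not FortiOS or Fortinet code, the Python below models the class of logic error the summary describes: the 2FA decision is tied to a local user record found by one matching rule, while the remote backend that actually checks the password matches more loosely (the case-insensitive remote match and the sample account are assumptions of the model), so a variant spelling of the username is authenticated remotely without the local record's 2FA requirement ever being applied. The hardened version canonicalises the name before both steps and fails closed for names that have no local record.

```python
"""Constructed model of a 2FA-bypass-by-username-variant bug (not FortiOS code).

The defect is an inconsistency between two identity-matching rules:
  * the local user table (which carries the 2FA flag) is searched by exact match;
  * the remote authenticator (stand-in for an LDAP-style backend) matches loosely.
Any username the remote side accepts but the local lookup misses skips 2FA.
"""
from dataclasses import dataclass


@dataclass
class LocalUser:
    name: str
    two_factor: bool


# Constructed sample data: one local account with 2FA on, backed by remote auth.
LOCAL_USERS = {"alice": LocalUser("alice", two_factor=True)}
# Constructed stand-in for a remote directory; assumption: it matches
# usernames case-insensitively, as many directory services do.
REMOTE_CREDENTIALS = {"alice": "correct horse battery staple"}


def remote_auth(username: str, password: str) -> bool:
    """Loose (case-insensitive) password check against the remote backend."""
    return REMOTE_CREDENTIALS.get(username.lower()) == password


def vulnerable_login(username: str, password: str, otp_ok: bool) -> bool:
    """2FA is enforced only if the exact spelling hits a local record."""
    local = LOCAL_USERS.get(username)          # exact match only
    if not remote_auth(username, password):
        return False
    if local is not None and local.two_factor and not otp_ok:
        return False
    return True                                # no local hit -> 2FA skipped


def hardened_login(username: str, password: str, otp_ok: bool) -> bool:
    """Canonicalise once, then apply policy and auth to the same identity."""
    canonical = username.strip().lower()
    local = LOCAL_USERS.get(canonical)
    if local is None:
        return False                           # fail closed: unknown local account
    if not remote_auth(canonical, password):
        return False
    if local.two_factor and not otp_ok:
        return False
    return True
```

The model makes the defender's point: wherever a policy lookup and an authentication backend match identities by different rules, the weaker rule decides, so both must operate on one canonical form of the name.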
Read at Techzine Global