NOTE: Only if the SSL VPN service (web-mode or tunnel-mode) is enabled. Note the attacker will not be able to log in to the VPN, but the obtained credentials are still valid (potencial domain creds) to access corporate mail, etc. Once the attacker has obtained the credentials from this file, he can authenticated with those credentials, compromising the corporate perimeter. One of the most critical files which an attacker may pull is “sslvpn_websessions” which contains session information including usernames and password. Due to a pre-authenticated Path Trasversal vulnerability under the SSL VPN portal on FortiOS, an attacker is able to pull arbitrary system files from the file system.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |