Fortinet’s Fortigate VPN solution is a popular product to resolve the increased remote access demand associated with increased numbers of people working from home.
Out of the box, a Fortigate presents a factory certificate for its VPN rather than one issued for the organisation's own VPN hostname: the certificate is signed by Fortinet's own CA and identifies the device by its serial number, which is why it is commonly described as “self-signed”. The security of a certificate rests on two things: the “chain of trust” to a Certificate Authority, and a check that the certificate actually names the server the client is contacting. Researchers found that the VPN client performs only the first check, so a malicious actor who holds the factory certificate and key from any other Fortigate device can present it, be accepted as the legitimate gateway, and mount a Man in the Middle (MitM) attack that takes over the connection and exposes the traffic. Because every Fortigate ships with such a certificate, Fortinet itself supplies the material needed for the attack bundled with the product.
Security provider SAM Seamless Network has discovered over 200,000 organisations using the Fortigate VPN solution with default configuration.
Fortinet said it has no plans to change the default, suggesting instead that users manually replace the default certificate, which removes the opening for MitM attacks.
In a statement, the company said: “The security of our customers is our first priority. This is not a vulnerability. Fortinet VPN appliances are designed to work out-of-the-box for customers so that organizations are enabled to set up their appliance customized to their own unique deployment.”
“Each VPN appliance and the set-up process provides multiple clear warnings in the GUI with documentation offering guidance on certificate authentication and sample certificate authentication and configuration examples. Fortinet strongly recommends adhering to its provided installation documentation and process, paying close attention to warnings throughout that process to avoid exposing the organization to risk.”
Organisations using the Fortigate VPN solution should inspect the certificate their gateway presents and, if it is still the factory certificate, replace it with one that names the VPN hostname, issued either by a trusted public provider or by an internal CA that the VPN clients are configured to trust.
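The weak check described above, and the audit step recommended here, are easiest to see side by side in code. The following is an added example written for this page; it is not Fortinet's or Agilient's code and does not reproduce the client's real verification logic. It models certificates in the nested-tuple shape that Python's ssl.SSLSocket.getpeercert() returns, so the same functions can be pointed at a live gateway. The factory CA name, the serial-style common names, and the hostname vpn.example.com are constructed placeholders.

```python
"""Why 'chains to the vendor CA' is not enough for a VPN client, and how to
spot a factory certificate during an audit.

Added example for this article (not Fortinet's or Agilient's code).
Certificates use the nested-tuple layout of ssl.SSLSocket.getpeercert().
"""

# Placeholder for the issuer name of the vendor's factory CA; read the real
# value from your own appliance's certificate.
FACTORY_CA_CN = "Vendor Factory CA"


def name_attr(rdn_seq, attr):
    """First value of `attr` (e.g. 'commonName') in a subject/issuer tuple."""
    for rdn in rdn_seq:
        for key, value in rdn:
            if key == attr:
                return value
    return None


def dns_names(cert):
    """dNSName SAN entries; the CN is used only when the cert has no SAN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    cn = name_attr(cert.get("subject", ()), "commonName")
    return [cn] if cn else []


def hostname_matches(pattern, hostname):
    """RFC 6125-style comparison: case-insensitive, '*' allowed only as the
    whole leftmost label, never matching across a dot or a public suffix."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def accept_ca_only(cert, trusted_ca_cns):
    """The weak policy: any certificate chained to a trusted CA is accepted,
    including the factory certificate of a completely different appliance."""
    return name_attr(cert["issuer"], "commonName") in trusted_ca_cns


def accept_strict(cert, trusted_ca_cns, hostname):
    """The hardened policy: trusted chain AND the certificate names the host."""
    if not accept_ca_only(cert, trusted_ca_cns):
        return False
    return any(hostname_matches(n, hostname) for n in dns_names(cert))


def looks_like_factory_default(cert):
    """Audit heuristic: issued by the factory CA and the subject identifies a
    device (no dot in the CN, no SAN) rather than a VPN hostname."""
    if name_attr(cert["issuer"], "commonName") != FACTORY_CA_CN:
        return False
    cn = name_attr(cert["subject"], "commonName") or ""
    return "." not in cn and not cert.get("subjectAltName")


def _cert(issuer_cn, subject_cn, sans=()):
    """Build a getpeercert()-shaped dict for the constructed samples below."""
    cert = {
        "issuer": ((("commonName", issuer_cn),),),
        "subject": ((("commonName", subject_cn),),),
    }
    if sans:
        cert["subjectAltName"] = tuple(("DNS", s) for s in sans)
    return cert


# Constructed samples (placeholders, not real certificates).
OWN_APPLIANCE_DEFAULT = _cert(FACTORY_CA_CN, "FG-SERIAL-0001")      # untouched gateway
OTHER_APPLIANCE_DEFAULT = _cert(FACTORY_CA_CN, "FG-SERIAL-9999")    # attacker's device
REPLACED_CERT = _cert("Public Root CA", "vpn.example.com", ["vpn.example.com"])
TRUSTED_CAS = {FACTORY_CA_CN, "Public Root CA"}
VPN_HOST = "vpn.example.com"


def verdicts():
    """(weak, strict) acceptance for each sample when connecting to VPN_HOST."""
    samples = {
        "own factory cert": OWN_APPLIANCE_DEFAULT,
        "other device's factory cert": OTHER_APPLIANCE_DEFAULT,
        "replaced cert": REPLACED_CERT,
    }
    return {
        name: (accept_ca_only(c, TRUSTED_CAS), accept_strict(c, TRUSTED_CAS, VPN_HOST))
        for name, c in samples.items()
    }


if __name__ == "__main__":
    for name, (weak, strict) in verdicts().items():
        print(f"{name:30} CA-only={weak!s:5} strict={strict!s:5}")
```

The weak policy cannot distinguish the organisation's own gateway from another device's factory certificate, which is the whole of the MitM opening; the strict policy rejects both factory certificates and accepts only a certificate that names the gateway, which is why replacing the default certificate is the fix. For a live audit, the issuer, subject and SAN of a gateway can be pulled with `openssl s_client -connect vpn.example.com:443 -servername vpn.example.com </dev/null | openssl x509 -noout -issuer -subject -ext subjectAltName` and compared against the same criteria as `looks_like_factory_default`.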
More broadly speaking, VPNs are vulnerable to a variety of attacks, and a misconfigured certificate is only one of them.
Agilient can provide a remote working solution that is more secure and scalable than VPN solutions, offering greater endpoint protection as well as secured communications through Zero Trust cryptographically separate network architecture. Contact us to discuss your remote access systems and cybersecurity.
Author: David Steele, Agilient Consultant