Severe Authentication Bypass Vulnerability in Fortinet Devices Exposed on Dark Web
Dated Configuration Data and VPN Credentials for 15,474 Fortinet Devices Available for Free
A severe authentication bypass vulnerability in Fortinet’s FortiOS operating system and FortiProxy Web gateway has been disclosed on the Dark Web. The vulnerability, identified as CVE-2024-55591, has been posted for free, exposing sensitive information about 15,474 Fortinet devices.
Similar Vulnerability from 2022 Still Affecting Organizations Today
For a model of what the aftermath of such a vulnerability could look like, one need only look to a parallel bug from October 2022 that is still making waves today: that month, Fortinet published an urgent security warning regarding CVE-2022-40684, a critical vulnerability that was still causing problems for organizations.
Old Passwords and Credentials Remain a Threat
Organizations often don’t cycle out usernames and passwords, allowing old ones to continue to cause problems. In examining a device included in the dump, Beaumont reported that the old credentials matched those still in use. This highlights the importance of regularly refreshing security credentials and taking the recommended actions to mitigate the risk of such vulnerabilities.
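The recommendation above is easy to state and hard to act on without an inventory. The following is an added example, not code from the article or from Fortinet: a small credential-age audit that, given an exported list of device accounts and their last-rotation dates, separates credentials that predate a known exposure window (and so may be present in a leaked configuration dump) from ones that merely violate a routine rotation policy. The account names, devices and dates are constructed sample data; the exposure date of 31 October 2022 is an assumption based on the article placing the earlier incident in October 2022, and the 90-day policy is a placeholder for whatever an organization actually enforces.

```python
from dataclasses import dataclass
from datetime import date, timedelta

# Assumption: treat any credential last rotated on or before this date as
# potentially contained in the dump (the article places the earlier incident
# in October 2022). Adjust to the actual exposure window for your estate.
EXPOSURE_DATE = date(2022, 10, 31)

# Constructed audit date used by the stand-alone run below.
AUDIT_DATE = date(2025, 1, 17)


@dataclass(frozen=True)
class Credential:
    device: str
    username: str
    kind: str            # e.g. "admin", "sslvpn-user", "ipsec-psk"
    last_rotated: date


# Constructed sample inventory; in practice this comes from your IAM system
# or a parsed configuration export, not from the article.
SAMPLE_INVENTORY = [
    Credential("fw-branch-01", "admin",      "admin",       date(2022, 3, 14)),
    Credential("fw-branch-01", "vpn.jdoe",   "sslvpn-user", date(2024, 12, 2)),
    Credential("fw-branch-02", "admin",      "admin",       date(2023, 1, 20)),
    Credential("fw-branch-02", "site2site",  "ipsec-psk",   date(2021, 6, 1)),
    Credential("fw-hq-01",     "vpn.asmith", "sslvpn-user", date(2025, 1, 10)),
]


def audit_credentials(inventory, today, max_age_days=90, exposure_date=EXPOSURE_DATE):
    """Return {'exposed': [...], 'overdue': [...]} as lists of (device, username).

    'exposed'  - last rotated on or before exposure_date: the credential may be
                 in the leaked data and must be changed regardless of policy age.
    'overdue'  - newer than exposure_date but older than max_age_days: a
                 routine rotation-policy violation.
    """
    cutoff = today - timedelta(days=max_age_days)
    exposed, overdue = [], []
    for c in inventory:
        if c.last_rotated <= exposure_date:
            exposed.append((c.device, c.username))
        elif c.last_rotated < cutoff:
            overdue.append((c.device, c.username))
    return {"exposed": exposed, "overdue": overdue}


def report(inventory, today):
    """One line per finding, highest severity first; 'no findings' if clean."""
    result = audit_credentials(inventory, today)
    lines = [f"EXPOSED  {d}/{u}: rotate immediately (predates {EXPOSURE_DATE})"
             for d, u in result["exposed"]]
    lines += [f"OVERDUE  {d}/{u}: older than rotation policy"
              for d, u in result["overdue"]]
    return "\n".join(lines) if lines else "no findings"


if __name__ == "__main__":
    print(report(SAMPLE_INVENTORY, AUDIT_DATE))
```

The two buckets matter because they call for different responses: an "exposed" credential is treated as compromised and rotated immediately, with a review of where else it was reused, whereas an "overdue" one is a policy gap to close on the normal schedule. Feeding the script from an authoritative account list rather than from the firewall alone also catches shared pre-shared keys and service accounts that were never cycled.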
Fortinet’s Response to the Vulnerability
Fortinet has tried to quell concerns in a security analysis published on January 16. "If your organization has consistently adhered to routine best practices in regularly refreshing security credentials and taken the recommended actions in the preceding years, the risk of the organization’s current config or credential detail in the threat actor’s disclosure is small," it explained.