Summary: A leak of configuration files from Fortigate/Fortinet devices, obtained by exploiting the authentication bypass CVE-2022-40684, exposed sensitive data including TLS and SSH private keys. The keys are stored in the configs in encrypted form, but the encryption uses a static key rather than a per-device secret, so possession of a config is enough to recover them. Although Fortinet had warned customers of active exploitation and advised them to rotate credentials and keys, many of the exposed keys were still in use when the leak became public. The incident highlights ongoing weaknesses in security practice and the limited effectiveness of security advisories.
Threat Actor: Unknown | Fortinet threat actor
Victim: Fortinet Users | Fortinet
Keypoints:
- A leak of configuration files from Fortigate/Fortinet devices exposed the TLS and SSH private keys and certificates embedded in them.
- 99.5% of the compromised keys could be decrypted, because the configs protect them with a static encryption key, a known weakness, rather than a per-device secret.
- Over 100,000 private keys were found, and many were still in use, meaning their owners had not replaced the compromised keys despite Fortinet's earlier warnings.
Source: https://blog.hboeck.de/archives/908-Private-Keys-in-the-Fortigate-Leak.html
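The practical check behind the last two keypoints is whether a certificate found in a leaked config is still the one a device serves today. The following Python script is an added example, not code from the source post or from Fortinet: it inventories the certificate and private-key PEM blocks in a config backup, fingerprints each certificate (SHA-256 over the DER bytes), and reports which entries match fingerprints observed on a live endpoint. It does not attempt to decrypt the keys. The config layout (a `config vpn certificate local` section with `edit`/`set certificate`/`set private-key`/`next`) is a simplified stand-in for the real FortiOS format, and the PEM bodies in the sample are constructed placeholder bytes, not real certificates or keys; both are assumptions.

```python
"""Inventory certificate/private-key material in a FortiGate-style config
backup and flag certificates still served by a live host.

Added example; not from the source post or from Fortinet. The config layout
and the PEM bodies below are constructed stand-ins (assumptions).
"""
import base64
import hashlib
import re
import ssl

# Constructed placeholder DER bytes; real entries would hold X.509 DER data.
CERT_A_DER = b"placeholder-der-cert-A"
CERT_B_DER = b"placeholder-der-cert-B"

# Constructed sample config. The layout imitates a FortiOS backup section
# (assumption); the base64 bodies are the placeholder bytes above.
SAMPLE_CONFIG = '''\
config vpn certificate local
    edit "Fortinet_Factory"
        set certificate "-----BEGIN CERTIFICATE-----
{cert_a}
-----END CERTIFICATE-----"
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
{key_a}
-----END ENCRYPTED PRIVATE KEY-----"
    next
    edit "vpn-portal"
        set certificate "-----BEGIN CERTIFICATE-----
{cert_b}
-----END CERTIFICATE-----"
        set private-key "-----BEGIN ENCRYPTED PRIVATE KEY-----
{key_b}
-----END ENCRYPTED PRIVATE KEY-----"
    next
end
'''.format(
    cert_a=base64.b64encode(CERT_A_DER).decode(),
    key_a=base64.b64encode(b"placeholder-encrypted-key-A").decode(),
    cert_b=base64.b64encode(CERT_B_DER).decode(),
    key_b=base64.b64encode(b"placeholder-encrypted-key-B").decode(),
)

# One 'edit "<name>" ... next' block per certificate entry.
ENTRY_RE = re.compile(r'edit "([^"]+)"(.*?)\n\s*next', re.S)
# Generic PEM block: label captured so BEGIN/END labels must match.
PEM_RE = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\s*([A-Za-z0-9+/=\s]+?)\s*-----END \1-----"
)


def pem_blocks(text):
    """Return (label, der_bytes) for every PEM block in text."""
    return [
        (label, base64.b64decode("".join(body.split())))
        for label, body in PEM_RE.findall(text)
    ]


def fingerprint(der):
    """SHA-256 fingerprint in the colon-separated form browsers display."""
    h = hashlib.sha256(der).hexdigest().upper()
    return ":".join(h[i:i + 2] for i in range(0, len(h), 2))


def inventory(config_text):
    """Map entry name -> certificate fingerprint and private-key PEM label."""
    entries = {}
    for name, body in ENTRY_RE.findall(config_text):
        info = {"certificate": None, "private_key": None}
        for label, der in pem_blocks(body):
            if label == "CERTIFICATE":
                info["certificate"] = fingerprint(der)
            elif label.endswith("PRIVATE KEY"):
                # Encrypted or not, the key is in the file; record its form.
                info["private_key"] = label
        entries[name] = info
    return entries


def live_fingerprint(host, port=443):
    """Fetch the leaf certificate a host serves and fingerprint it (network)."""
    pem = ssl.get_server_certificate((host, port))
    return fingerprint(ssl.PEM_cert_to_DER_cert(pem))


def still_in_use(inv, live_fps):
    """Entry names whose leaked certificate matches a live fingerprint."""
    return sorted(n for n, i in inv.items() if i["certificate"] in live_fps)


if __name__ == "__main__":
    inv = inventory(SAMPLE_CONFIG)
    for name, info in inv.items():
        print(name, info["private_key"], info["certificate"])
    # Offline demo: pretend the device still serves cert B.
    print("still in use:", still_in_use(inv, {fingerprint(CERT_B_DER)}))
```

To run the check against a real device, collect `live_fingerprint(host)` for each management and VPN-portal address and pass the set to `still_in_use`; any name it returns is a certificate whose private key was in the leaked config and which has not been rotated. Matching on fingerprint rather than subject name avoids false negatives when a replacement certificate was issued under the same name.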