A massive data leak has exposed plaintext administrator credentials for approximately 75,000 Fortinet network appliances, a disclosure that security researchers say affects an estimated half of all internet-facing Fortinet devices globally.

The exposure, dubbed "FortiBleed," was identified by security researcher Bob Diachenko. According to his findings as reported by Security Affairs, Diachenko discovered an unsecured server openly accessible on the internet. The server reportedly contained what appeared to be valid Fortinet VPN credentials, including usernames, associated email addresses, and—critically—passwords stored in plaintext.

The leaked credentials, if valid, grant direct administrative access to the affected firewalls and VPN gateways. This presents an immediate and severe risk, as threat actors could use the username and password pairs to log into and potentially take complete control of the security devices without needing to exploit a software vulnerability.

For IT and security administrators, the incident is a high-priority emergency. Compromised network edge devices can serve as a foothold for attackers to infiltrate corporate networks, deploy ransomware, steal sensitive data, or conduct espionage. The fact that the passwords were reportedly stored in plaintext, rather than being securely hashed, dramatically increases the risk of their misuse.

In response to the disclosure, organizations using Fortinet hardware are urged to take immediate emergency measures. The primary recommendation is to rotate all credentials for all affected appliances, including passwords for local administrator accounts and any accounts referenced in device configuration files or backups. Security teams should also conduct a thorough audit of logs from affected devices to check for any unauthorized access or configuration changes that may have occurred prior to the credential rotation.
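The log audit recommended above can be made concrete. The following is an added example written for this page, not code from the article or from Fortinet: it parses a handful of constructed records in a FortiGate-style key=value syslog format (field names follow the general Fortinet convention; log IDs and exact wording are not reproduced) and flags, for the window before the credential rotation, administrator logins from outside an assumed trusted management network and changes to configuration paths that matter after a credential leak. The management allowlist, the list of sensitive `cfgpath` prefixes and the `ROTATION_CUTOFF` timestamp are assumptions for the example and should be replaced with the organization's own values.

```python
import re
from datetime import datetime
from ipaddress import ip_address, ip_network

# Constructed sample records in FortiGate-style key=value syslog format. They are
# written for this example and are not real device output.
SAMPLE_LOGS = """\
date=2025-10-01 time=08:12:04 type="event" subtype="system" logdesc="Admin login successful" user="admin" srcip=10.20.0.5 method="https" action="login" status="success"
date=2025-10-01 time=23:41:17 type="event" subtype="system" logdesc="Admin login successful" user="admin" srcip=198.51.100.77 method="https" action="login" status="success"
date=2025-10-01 time=23:42:02 type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="https(198.51.100.77)" action="Edit" cfgpath="system.admin" cfgobj="admin" cfgattr="password[*]"
date=2025-10-01 time=23:43:30 type="event" subtype="system" logdesc="Object attribute configured" user="admin" ui="https(198.51.100.77)" action="Add" cfgpath="vpn.ssl.settings" cfgattr="tunnel-ip-pools"
date=2025-10-02 time=09:05:11 type="event" subtype="system" logdesc="Admin login failed" user="admin" srcip=203.0.113.9 method="ssh" action="login" status="failed"
date=2025-10-03 time=10:00:00 type="event" subtype="system" logdesc="Admin login successful" user="admin" srcip=10.20.0.5 method="https" action="login" status="success"
"""

# Assumptions for this example: the trusted management network, the configuration
# paths whose modification should be reviewed after a credential leak, and the
# moment at which the leaked credentials were rotated (events after it are ignored).
MGMT_ALLOWLIST = ("10.20.0.0/24",)
SENSITIVE_CFG_PREFIXES = ("system.admin", "vpn.", "user.", "system.interface")
ROTATION_CUTOFF = datetime(2025, 10, 2, 12, 0, 0)

# key=value pairs; values are either double-quoted (may contain spaces) or bare tokens
KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_line(line):
    """Split one key=value log line into a dict, honouring double-quoted values."""
    fields = {}
    for key, quoted, bare in KV_RE.findall(line):
        fields[key] = bare if bare else quoted  # quoted may legitimately be ""
    return fields


def event_time(fields):
    return datetime.strptime(f"{fields['date']} {fields['time']}", "%Y-%m-%d %H:%M:%S")


def source_ip(fields):
    """Use srcip when present; otherwise pull the address out of ui="https(1.2.3.4)"."""
    if fields.get("srcip"):
        return fields["srcip"]
    m = re.search(r"\(([^)]+)\)", fields.get("ui", ""))
    return m.group(1) if m else None


def in_allowlist(ip, allowlist=MGMT_ALLOWLIST):
    addr = ip_address(ip)
    return any(addr in ip_network(net) for net in allowlist)


def audit(log_text, cutoff=ROTATION_CUTOFF, allowlist=MGMT_ALLOWLIST):
    """Return review findings for events that happened before the rotation cutoff."""
    findings = []
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        f = parse_line(raw)
        ts = event_time(f)
        if ts >= cutoff:
            continue  # only the window in which the leaked credentials were live
        ip = source_ip(f)
        kind, detail = None, ""
        if f.get("action") == "login" and ip and not in_allowlist(ip, allowlist):
            # any admin login attempt from outside the management network
            ok = f.get("status") == "success"
            kind = "login_success_untrusted_ip" if ok else "login_failed_untrusted_ip"
            detail = f.get("method", "")
        elif f.get("cfgpath", "").startswith(SENSITIVE_CFG_PREFIXES):
            # admin accounts, VPN, user and interface changes deserve a look
            kind = "sensitive_config_change"
            detail = f"{f.get('action', '')} {f['cfgpath']} {f.get('cfgattr', '')}".strip()
        if kind:
            findings.append({"kind": kind, "time": ts, "user": f.get("user"),
                             "srcip": ip, "detail": detail})
    return findings


def run_sample():
    """Audit the constructed sample with the assumed cutoff and allowlist."""
    return audit(SAMPLE_LOGS)


if __name__ == "__main__":
    for fd in run_sample():
        print(f"{fd['time']:%Y-%m-%d %H:%M:%S} {fd['kind']:<27} "
              f"user={fd['user']} src={fd['srcip']} {fd['detail']}")
```

On the sample this reports the late-night login from an untrusted address, the two configuration edits made from that same address (an admin password change and an SSL VPN setting), and the failed SSH login before the cutoff; the in-network logins and everything after rotation are left out. Logins from a trusted address are not proof of legitimacy, so correlating the flagged times with the change-management record is the next step.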

The incident also reinforces the critical importance of enabling multi-factor authentication (MFA) for administrative access wherever possible, adding a layer of defense even if primary credentials are compromised.

This event is not an isolated flaw in Fortinet's software code but rather a data exposure stemming from insecure credential and configuration management. It highlights a recurring systemic issue where administrative secrets for critical network infrastructure are stored insecurely, making them vulnerable to leaks.

The situation underscores a security paradox: the very devices designed to protect the network perimeter—firewalls and VPN gateways—can themselves become high-value attack surfaces. They demand the same rigorous credential hygiene, access controls, and continuous monitoring as any other critical enterprise system.

The FortiBleed leak serves as a stark reminder of the importance of secure credential management and raises questions about vendor responsibilities and the need for industry-wide standards for the safe handling of configuration backups and administrative secrets.

While the full scope and impact of the leak remain under investigation, the discovery has forced an urgent security review for thousands of organizations worldwide, emphasizing that in cybersecurity, the gates themselves must be as impregnable as the walls they protect.


A massive data leak has exposed plaintext administrator credentials for approximately 75,000 Fortinet network devices. Security researchers say the leak is estimated to affect nearly half of all internet-reachable Fortinet devices worldwide.

The exposure, known as "FortiBleed," was uncovered by security researcher Bob Diachenko. According to the Security Affairs report of his findings, Diachenko found an unprotected server openly accessible on the internet. The server reportedly held what appeared to be valid Fortinet VPN credentials, including usernames, associated email addresses and, critically, passwords stored in plaintext.

If the leaked credentials are valid, they grant direct administrative access to the affected firewalls and VPN gateways. This poses an immediate and severe threat, because threat actors could use the username and password pairs to log in and potentially take full control of these security devices without exploiting any software vulnerability.

For IT and security administrators, the incident is a high-priority emergency. Compromised network edge devices can serve as a foothold for attackers to penetrate corporate networks, deploy ransomware, steal sensitive data or conduct espionage. The passwords were reportedly stored in plaintext rather than securely hashed, which greatly increases the risk of their misuse.

In response to the leak, organizations using Fortinet hardware are urged to take emergency measures. The main recommendation is to rotate all credentials on all affected devices, including passwords for local administrator accounts and any accounts referenced in device configuration files or backups. Security teams should also thoroughly review the logs of affected devices to check whether any unauthorized access or configuration changes occurred before the credential rotation.

The incident also underscores the importance of enabling multi-factor authentication for administrative access wherever possible, which adds a layer of defense even if the primary credentials are leaked.

This incident is not an isolated flaw in Fortinet's software code but a data exposure caused by insecure credential and configuration management. It highlights a recurring systemic problem: administrator credentials for critical network infrastructure are stored insecurely, making them easy to leak.

The situation highlights a security paradox: the devices meant to protect the network perimeter, firewalls and VPN gateways, can themselves become high-value attack surfaces. They require the same rigorous credential management, access controls and continuous monitoring as any other critical enterprise system.

The FortiBleed leak is a stark reminder of the importance of secure credential management, and it raises questions about vendor responsibility and the need for industry standards on the safe handling of configuration backups and administrator credentials.

Although the full scope and impact of the leak are still under investigation, the discovery has already forced thousands of organizations worldwide into urgent security reviews, and it underscores that in cybersecurity the devices guarding the gate must be as impregnable as the walls they protect.

Original News Source