Table of Contents
Do you remember that feeling of security you get when you enable two-factor authentication on your devices? Now imagine that this barrier, in which you have so much trust, can be bypassed by a simple manipulation. This is exactly what happens with a well-known flaw among FortiGate users. Ready to discover how this vulnerability continues to affect systems despite patches applied several years ago?
The 3 key points not to miss
Fortinet recently alerted on the ongoing exploitation of a critical vulnerability, CVE-2020-12812, within FortiOS. Although this flaw was patched in 2020, it remains an active threat to FortiGate firewall users. Attackers use this vulnerability to bypass two-factor authentication, a fundamental pillar of cybersecurity.
The authentication bypass is achieved through a subtle manipulation: by simply changing the case of usernames, attackers can access targeted systems even when two-factor authentication is required.
The most vulnerable environments are those where local users with mandatory two-factor authentication are integrated into LDAP groups. The risk increases even further when configurations include a second LDAP group as a fallback mechanism in case of initial authentication failure.
Fortinet suggests that these configurations are often superfluous. Their removal or adjustment could significantly reduce the risks of exploiting the flaw.
In light of the persistence of this flaw, Fortinet advises organizations to check their FortiGate configurations. It is crucial to ensure that all systems are updated with the latest versions of FortiOS. For those who cannot yet perform these updates, there are temporary solutions.
Disabling case sensitivity for usernames and minimizing dependencies on LDAP services are among the preventive measures proposed by Fortinet to mitigate current risks.
Founded in 2000 by brothers Ken and Michael Xie, Fortinet has become a major player in the field of cybersecurity. The company is best known for its FortiGate firewalls, which are widely deployed worldwide to protect enterprise networks.
FortiGate was designed to offer integrated and automated network security, capable of responding to constantly evolving threats. However, as demonstrated by the CVE-2020-12812 vulnerability, even the most robust systems require regular maintenance and updates to ensure optimal security.