Some clickbait nonsense. Genuinely.
This isn’t anything like what it’s trying to spark fear over. It requires a credential stuffing attack that needs the following:
- A management interface exposed to the internet
- A lack of controls related to who can log in and where from
- The use of SSLVPN that does not utilize SAML or another form of OAuth
After all of that, and presuming they have a set of working credentials that have not been changed after the credentials were exposed in a breach, they can perform an attack.
Like with anything, working admin credentials will get you to a CLI, and from there you can do a lot. Protect your management interfaces. Do the bare minimum.
Fortipatch your Fortishit already!
One of my previous shops used the Forti Suite and I wasn’t really convinced of its integrity or security based upon how convoluted the Firewall and Endpoint configuration was. It had the trappings of a WYSIWYG solution but a lot of things required janky fine tuning.
Maybe you just need to know how to use it; the Forti Suite is quite powerful.
My shop has had a few different systems and they all have their own WYSIWYG issues. So FortiGate isn’t alone with that problem.




