Fortinet FortiClient VPN Credential Disclosure

FortiClient stores the VPN authentication credentials in a configuration file (on Linux or Mac OS X) or in the registry (on Windows). The credentials are encrypted but can still be recovered, since the decryption key is hardcoded in the program and is the same on all installations. Above all, the aforementioned storage is world-readable, which actually lays […]

The post Fortinet FortiClient VPN Credential Disclosure appeared first on MondoUnix.

Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure

Firmware reversing of the Barracuda Web Application Firewall uncovered development artifacts that should have been removed from the production images. Once the encryption scheme was broken, many QA and development tools were discovered on the affected partitions. Some of these contained sensitive information such as authentication credentials used by internal developers. Firmware version 8.0.1.014 is […]

The post Barracuda WAF V360 Firmware 8.0.1.014 Credential Disclosure appeared first on MondoUnix.