Friday, July 10, 2026

Patching FortiBleed VPN Credential Leak

There was a recent FortiGate SSL VPN vulnerability, commonly referred to as FortiBleed, disclosed by Fortinet. You can verify under the SSL VPN setting if it's explicitly enabled. The Fortinet PSIRT advisory also outlined the mitigation steps and required software patch to address the said vulnerability. 

 

FGT # config vpn ssl settings

 

FGT (settings) # show

config vpn ssl settings

    set banned-cipher SHA1 SHA256 SHA384

    set servercert ''

    set port 443

end

FGT(settings) # set status

enable     Enable Agentless VPN.

disable    Disable Agentless VPN.


Per the Fortinet Tech Tip, starting FortiOS 7.2.11 and above use PBKDF2 for hashing the local admin password. You can confirm this with the "ENC PB2" used in the password encryption. Prior to 7.2.11, it uses SHA256.

 

FGT (global) # config system admin

 

FGT  (admin) # edit "fw-admin"

 

FGT (fw-admin) # show

config system admin

    edit "fw-admin"

        set vdom "root"

        set accprofile "super_admin"

        set password ENC PB2abcdOMd71rT5MBTtJ2QTOmeb8M3Q4KglpTwQTCP/q5Xg06bEjO4FGR9TvjeAFa+BgL6JRv9vrq0GHL93u8kbt8QoWtvZV0pvMoUqI123456=

    next

end


No comments:

Post a Comment