

Author: Meh Chang and Orange Tsai

Last month, we talked about Palo Alto Networks GlobalProtect RCE as an appetizer. Today, here comes the main dish! If you cannot go to Black Hat or DEFCON for our talk, or you are interested in more details, here are the slides for you!

Infiltrating Corporate Intranet Like NSA: Pre-auth RCE on Leading SSL VPNs

We will also give a speech at the following conferences, just come and find us!

The story began last August, when we started a new research project on SSL VPN. Compared to site-to-site VPNs such as IPSEC and PPTP, SSL VPN is easier to use and compatible with any network environment. For its convenience, SSL VPN has become the most popular remote access method for enterprises!

However, what if this trusted equipment is insecure? It is an important corporate asset but a blind spot of the corporation. According to our survey on Fortune 500, the Top-3 SSL VPN vendors dominate about 75% market share. Therefore, once we find a critical vulnerability on the leading SSL VPN, the impact is huge. There is no way to stop us because SSL VPN must be exposed to the internet.

At the beginning of our research, we made a little survey on the CVE amount of leading SSL VPN vendors:

It seems like Fortinet and Pulse Secure are the most secure ones. Is that true? As a myth buster, we took on this challenge and started hacking Fortinet and Pulse Secure! This story is about hacking Fortigate SSL VPN. The next article is going to be about Pulse Secure, which is the most splendid one! Stay tuned!

Fortigate SSL VPN

Fortinet calls their SSL VPN product line Fortigate SSL VPN, which is prevalent among end users and medium-sized enterprises. There are more than 480k servers operating on the internet, and it is common in Asia and Europe. We can identify it from the URL /remote/login.

Here is the technical feature of Fortigate:
