Over 10K Fortinet firewalls exposed to actively exploited 2FA bypass
Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. [...]
Stay secure online with the latest on authentication techniques, best practices, and industry updates at the forefront of information security.
Search across headline titles and summaries.
Background for this topic.
Authentication confirms the identity of users or systems before granting access to resources, typically using factors like passwords (knowledge), hardware tokens (possession), or biometrics (inherence). It establishes trust boundaries that prevent unauthorized entities from impersonating legitimate users or devices within networks and applications.
Weak authentication enables attackers to perform account takeover, privilege escalation, or lateral movement by exploiting stolen credentials, phishing, or replay attacks. Deploying multi-factor authentication (MFA) with independent factors significantly reduces these risks. Secure credential storage, regular rotation, and monitoring authentication logs for anomalies are critical defenses to detect and block unauthorized access attempts early in the attack chain.
Over 10,000 Internet-exposed Fortinet firewalls are still vulnerable to attacks exploiting a five-year-old two-factor authentication (2FA) bypass vulnerability. [...]
IBM has disclosed details of a critical security flaw in API Connect that could allow attackers to gain remote access to the application
IBM urged customers to patch a critical authentication bypass vulnerability in its API Connect enterprise platform that could allow attackers to access apps remotely. [...]
Fortinet has warned customers that threat actors are still actively exploiting a critical FortiOS vulnerability that allows them to bypass two-factor authentication (2FA) when targeting vulnerable FortiGate firewalls. [...]