A hacker has published an exploit for a critical vulnerability in Fortinet VPN devices, along with a list of 49,577 vulnerable devices, BleepingComputer reports. Fortinet released a patch for the flaw in May 2019, but many devices remain vulnerable. The flaw (CVE-2018-13379) can allow an unauthenticated attacker to download system files, including passwords, from vulnerable Fortinet VPNS. In fact, the hacker in this case claims to have already obtained the login credentials for the vulnerable devices on the list. BleepingComputer says this access will most likely be exploited by ransomware operators to gain access to networks.
Refer Here for Original Post and Source https://blog.knowbe4.com/credential-stealing-vpn-exploits