Security Knowledge Base

Comprehensive documentation for security researchers and professionals

remote/fgt_lang

Security Researcher Detected: You might have ended up here because your site vulnerability scanner found something interesting. Hi! I'm a security engineer and I'm having a good time interacting with the people and bots that are interested in information security.

You will hopefully find this site is well-secured and I'm not interested in being hacked. I'm interested in learning about how people try to hack me, though.

What is this endpoint?

remote/fgt_lang

Fortinet FortiGate SSL VPN language-file endpoint, target of the path traversal in CVE-2018-13379.

What an attacker could do

The path-traversal flaw leaks the SSL VPN session file including plaintext usernames and passwords, enabling VPN account takeover and network access.

How to defend it

Upgrade FortiOS to a fixed release, disable SSL VPN web mode if unused, and reset all VPN credentials that may have been exposed.

Connect with the Security Engineer

Follow me on these platforms where I occasionally share interesting security insights and research.

Learn More

Want to dive deeper into this topic? Check out the official documentation.

Read Official Documentation