top of page
Caller Verify logo long.png

Fortinet SSO Compromised: How to Secure the Fortinet SSO

  • Writer: Pallav Parikh
    Pallav Parikh
  • Jan 23
  • 3 min read

Updated: Jan 23


An image of username: breakglass account, password: XXXXX. It is under glass which is breaking by a hammer with a security guard.

Security researchers at Arctic Wolf and Fortinet have confirmed a critical situation: a new vulnerability allows attackers to bypass authentication on FortiGate firewalls via the FortiCloud SSO service. 


The immediate advice from Fortinet is drastic but necessary: Disable FortiCloud SSO immediately. 

While this stops the technical bleeding, it creates a new, dangerous operational gap, one that social engineers are already preparing to exploit. 


The "Break-Glass" Vulnerability 

When you disable Single Sign-On (SSO) for your network infrastructure, you are effectively locking the front door to your own house. To get back in to manage devices, apply patches, or monitor traffic, your network administrators must revert to "break-glass" procedures. 


They have to use  local administrative accounts (e.g., admin, root) that are not tied to their personal identities. 


This creates chaos. Admins who are used to clicking one button to log in are now locked out. They need passwords they haven't used in months. They are under pressure to secure the network. 

This is the exact moment fraudsters strike. 


The Scenario: The "Panicked Admin" Call 

Attackers read the same threat intelligence reports we do. They know that right now, in Operations Centers across the globe, SSO is being disabled and confusion is high. 

Expect your Help Desk to receive calls like this: 


"Hi, this is Dave from Network Engineering. Look, we disabled SSO per the Fortinet advisory, but now I’m locked out of the Edge Firewall. I need the local admin password immediately to apply the mitigation before we get hit. Hurry." 

To a helpful agent, this sounds plausible. It sounds urgent. It sounds like a security priority. 


But if that caller isn't Dave, and your agent reads out the local admin password, the attacker has won. They didn't need a technical exploit; they just needed to exploit the chaos caused by one. 


When Tech Fails, Verification Must Hold 

This incident highlights a critical truth: Technology breaks. Firewalls have bugs. SSO services have vulnerabilities. 

When the technical layers fail, your security falls back to the human layer. If your method of verifying that human is weak (like checking Caller ID or asking "secret" questions), your last line of defense is gone. 

This is where TechJutsu’s Caller Verify becomes your safety net. 


How to Secure the Patch Gap 

Even when your infrastructure is vulnerable, your verification process doesn't have to be. Here is how Caller Verify protects your organization during the Fortinet crisis: 

  1. Verify the Person, Not the Login: Even if the "admin" claims they can't log in to the firewall, their trusted mobile device is still active. When they call for support, the agent triggers a Caller Verify push notification. 

  2. Cryptographic Certainty: The real admin taps "Approve" on their device. A fraudster spoofing their number cannot do this. 

  3. Gatekeep the Keys: The agent sees a green "Verified" light  before they even consider releasing local credentials or "break-glass" passwords. 

  4. Audit the Chaos: Every verification attempt is logged in ServiceNow. If an attacker tries to impersonate your admin, you have a digital record of the failed attempt.  This record is valuable intelligence during an active incident. 


Don't Let a Patch Become a Breach 

The Fortinet vulnerability is a technical problem, but fixing it is an operational challenge. As you move to disable SSO and lock down your perimeter, ensure you aren't leaving the phone line wide open. 


Technology breaks. Trust shouldn't. 

Is your Help Desk ready for the "Panicked Admin" call? Book a demo with Caller Verify today. 

 
 
bottom of page