Hackers are actively attempting to steal passwords by exploiting servers running unpatched versions of two virtual private network (VPN) products.
Users of FortiGate SSL VPN and Pulse Secure are being warned that hackers are attempting to steal passwords, encryption keys and other sensitive data.
Researchers at the Black Hat security conference in Las Vegas explained that the vulnerabilities could be exploited by sending unpatched servers web requests that contain a special sequence of characters.
Other vulnerabilities found could also allow attackers to remotely execute malicious code and change passwords.
Users of these VPN products should install the patches as soon as possible. The FortiGate update was issued in May, whilst the Pulse Secure update was made available back in April.
However, organisations patching their products are being told that updating to the latest version could cause service disruptions, such as VPN downtime.