╔═════════════════════════════════════════════════════════════════════════════╗
║   ███████╗ ██████╗ ██████╗ ████████╗██╗ ██████╗  █████╗ ████████╗███████╗   ║
║   ██╔════╝██╔═══██╗██╔══██╗╚══██╔══╝██║██╔════╝ ██╔══██╗╚══██╔══╝██╔════╝   ║
║   █████╗  ██║   ██║██████╔╝   ██║   ██║██║  ███╗███████║   ██║   █████╗     ║
║   ██╔══╝  ██║   ██║██╔══██╗   ██║   ██║██║   ██║██╔══██║   ██║   ██╔══╝     ║
║   ██║     ╚██████╔╝██║  ██║   ██║   ██║╚██████╔╝██║  ██║   ██║   ███████╗   ║
║   ╚═╝      ╚═════╝ ╚═╝  ╚═╝   ╚═╝   ╚═╝ ╚═════╝ ╚═╝  ╚═╝   ╚═╝   ╚══════╝   ║
║                                                                             ║
║      ██████╗ ███████╗██╗     ███████╗███████╗███╗   ██╗                     ║
║      ██╔══██╗██╔════╝██║     ██╔════╝██╔════╝████╗  ██║                     ║
║      ██████╔╝█████╗  ██║     ███████╗█████╗  ██╔██╗ ██║                     ║
║      ██╔══██╗██╔══╝  ██║     ╚════██║██╔══╝  ██║╚██╗██║                     ║
║      ██████╔╝███████╗███████╗███████║███████╗██║ ╚████║                     ║
║      ╚═════╝ ╚══════╝╚══════╝╚══════╝╚══════╝╚═╝  ╚═══╝                     ║
║                                                                             ║
║      ██╗     ███████╗ █████╗ ██╗  ██╗                                       ║
║      ██║     ██╔════╝██╔══██╗██║ ██╔╝                                       ║
║      ██║     █████╗  ███████║█████╔╝                                        ║
║      ██║     ██╔══╝  ██╔══██║██╔═██╗                                        ║
║      ███████╗███████╗██║  ██║██║  ██╗                                       ║
║      ╚══════╝╚══════╝╚═╝  ╚═╝╚═╝  ╚═╝                                       ║
║                                                                             ║
║                    Configuration Leak Tracker                               ║
╚═════════════════════════════════════════════════════════════════════════════╝

Fortigate Belsen Leak Research

This repository contains informaion about the Fortigate firewall vulnerability (CVE-2022-40684) and affected IPs that were publicly disclosed by the Belsen Group. This information is being shared for security research and defensive purposes to help organizations identify if they were impacted.

Background

In 2022, Fortinet disclosed a critical authentication bypass vulnerability (CVE-2022-40684) affecting FortiOS, FortiProxy, and FortiSwitchManager. In January 2025, configurations from approximately 15,000 affected devices were publicly released by the Belsen Group.

Purpose

This repository serves as a resource for:

• Security researchers studying the impact of CVE-2022-40684
• Organizations to check if they were affected
• Raising awareness about the importance of timely security patches

Contents

• affected_ips.txt: List of IP addresses identified as potentially affected
• REFERENCES.md: Additional resources and references about the vulnerability

Disclaimer

This information is provided for defensive security research purposes only. The data has been publicly disclosed and is being shared to help organizations assess their exposure and take necessary remediation steps.

References

• Fortinet Advisory
• CVE-2022-40684

Contact & Support

If your organization has been impacted by this vulnerability or you need assistance with mitigation:

• 💼 LinkedIn: Amram Englander
• 📧 Secure Email: amrameng@proton.me
• 🛡️ For urgent security assistance or consultation, feel free to reach out via ProtonMail or LinkedIn

I'm available to help organizations:

• Verify if they were affected
• Provide guidance on mitigation steps
• Assist with security hardening