Fortinet tries to explain weird SSH 'backdoor' discovered in firewalls

  • 19 February 2016
  • 1 reply
  • 102 views

Userlevel 7
Badge +54

Update your firmware or suffer the consequences

 
                                 


                                  Hijacked ... Exploiting the backdoor on vulnerable FortiOS firmware (Source)
 
12 Jan 2016 at 21:39, Iain Thomson Enterprise security vendor Fortinet has attempted to explain why its FortiOS firewalls were shipped with hardcoded SSH logins.
 
It appears Fortinet's engineers implemented their own method of authentication for logging-into FortiOS-powered devices, and the mechanism ultimately uses a secret passphrase. This code was reverse-engineered by persons unknown, and a Python script to exploit the hole emerged on the Full Disclosure mailing list this week.
 
Full Article

1 reply

Userlevel 7
Ouch another boo boo on Fortinet part, being coding and thought process is needed here.

Reply