- Jul 27, 2015
- 5,459
- Content source
- http://www.theregister.co.uk/2016/01/12/fortinet_bakdoor/
Quote : " Enterprise security vendor Fortinet has attempted to explain why its FortiOS firewalls were shipped with hardcoded SSH logins.
It appears Fortinet's engineers implemented their own method of authentication for logging-into FortiOS-powered devices, and the mechanism ultimately uses a secret passphrase. This code was reverse-engineered by persons unknown, and a Python script to exploit the hole emerged on the Full Disclosure mailing list this week.
Anyone who uses this script against vulnerable firewalls will gain administrator-level command-line access to the equipment. After some outcry on Twitter and beyond, Fortinet responded by saying it has already killed off the dodgy login system.
...In the meantime, if you are using FortiOS then make sure the firmware is up to date. The news of this hole will have the malicious hacking community aflutter and many are no doubt already scanning for vulnerable targets. "
It appears Fortinet's engineers implemented their own method of authentication for logging-into FortiOS-powered devices, and the mechanism ultimately uses a secret passphrase. This code was reverse-engineered by persons unknown, and a Python script to exploit the hole emerged on the Full Disclosure mailing list this week.
Anyone who uses this script against vulnerable firewalls will gain administrator-level command-line access to the equipment. After some outcry on Twitter and beyond, Fortinet responded by saying it has already killed off the dodgy login system.
...In the meantime, if you are using FortiOS then make sure the firmware is up to date. The news of this hole will have the malicious hacking community aflutter and many are no doubt already scanning for vulnerable targets. "
