Some versions of Fortinet firewalls are vulnerable to an authentication flaw
Some versions of the FortiOS operating system, which runs on Fortinet firewalls, are said to contain an authentication vulnerability. This would allow an attacker to gain access to the device. The security company denies that it is a backdoor.
According to various Twitter posts, the vulnerability is in fact a backdoor. The posts include messages from security researcher Ralf-Philipp Weinmann, who earlier published reports about the vulnerability in Juniper firewalls. The vulnerability came to attention after a Python exploit appeared on a mailing list. According to Ars Technica, this exploit uses a preset password, FGTAbc11 * xy + Qqz27, which allows an attacker to set up an SSH connection. Other sources write that a variable is created, on the basis of which an authentication key is generated.
According to Fortinet, however, it is not a backdoor but a ‘management authentication issue’. According to the company, the vulnerability is present in versions 4.3.0 to 4.3.16 and 5.0.0 to 5.0.7 of FortiOS. It states this in a security advisory. The flaw is said to have been resolved already in July 2014. This means that only devices running an outdated version of the FortiOS software are vulnerable. Updating is therefore strongly recommended.
In addition, according to Fortinet, there is no question of a vulnerability that “comes from the malicious intent of internal or external parties”. With this the company seems to want to avoid the appearance that someone deliberately wanted to allow access to the firewalls. The same suspicions also arose with the recent vulnerability in Juniper firewalls.
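To act on the update advice above, an administrator can check a device inventory against the version ranges Fortinet names. The following is an added example, not code from the article or from Fortinet; the hostnames and version strings are constructed, the range bounds are assumed to be inclusive, and the helper names are hypothetical.

```python
import re

# Affected FortiOS ranges as stated in the article (bounds assumed inclusive).
AFFECTED_RANGES = [
    ((4, 3, 0), (4, 3, 16)),
    ((5, 0, 0), (5, 0, 7)),
]

# First three-part dotted version, optional leading "v". The lookarounds
# reject four-part values such as IPv4 addresses.
_VERSION_RE = re.compile(r"(?<![\d.])v?(\d+)\.(\d+)\.(\d+)(?!\.?\d)")


def parse_version(text):
    """Return (major, minor, patch) found in text, or None if absent."""
    match = _VERSION_RE.search(text)
    return tuple(int(part) for part in match.groups()) if match else None


def is_affected(version):
    """True if the version tuple lies inside one of the affected ranges."""
    return any(low <= version <= high for low, high in AFFECTED_RANGES)


def triage(inventory):
    """Map each hostname to 'affected', 'not affected' or 'unknown'.

    'not affected' only means outside the ranges named in the article.
    Unparseable entries are 'unknown' so they are never assumed safe.
    """
    result = {}
    for host, raw in inventory:
        version = parse_version(raw)
        if version is None:
            result[host] = "unknown"
        else:
            result[host] = "affected" if is_affected(version) else "not affected"
    return result


# Constructed sample inventory: (hostname, version string as collected).
SAMPLE_INVENTORY = [
    ("fw-edge-01", "FortiGate-100D v5.0.7,build3608 (GA Patch 7)"),
    ("fw-edge-02", "v5.0.8"),
    ("fw-branch-03", "4.3.16"),
    ("fw-branch-04", "FortiOS 4.3.17"),
    ("fw-lab-05", "5.2.3"),
    ("fw-dc-06", "version not collected"),
]

if __name__ == "__main__":
    for host, status in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {status}")
```

Devices reported as "unknown" need their version collected before they can be ruled out.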