Hardcoded SSH passwords in some Fortinet firewalls (FortiGate OS 4.x to 5.0.7)
▻http://arstechnica.com/security/2016/01/et-tu-fortinet-hard-coded-password-raises-new-backdoor-eavesdropping-fe
Less than a month after Juniper Network officials disclosed an unauthorized backdoor in the company’s NetScreen line of firewalls [1], researchers have uncovered highly suspicious code in older software from Juniper competitor Fortinet.
Researchers were able to unearth a hard-coded password of FGTAbc11*xy+Qqz27
Fortinet officials deny.
This issue was resolved and a patch was made available in July 2014 as part of Fortinet’s commitment to ensuring the quality and integrity of our codebase. This was not a “backdoor” vulnerability issue but rather a management authentication issue.
▻http://seclists.org/fulldisclosure/2016/Jan/26
#backdoor #password
#firewall
#Fortinet
___
[1] see ▻http://seenthis.net/messages/442614 and ▻http://seenthis.net/messages/443244