More Fortinet products found using embedded password

The use of a hardcoded password for communication between Fortinet's firewall appliances and its FortiManager product is more widespread than initially believed.

The issue first came to light two weeks ago when an anonymous researcher published exploit code that exposed a backdoor in FortiOS, a purpose-built operating system that powers the company's network security devices.

Fortinet had explained that the backdoor was unintentional and had its roots in a management control method. A statement from the company at the time suggested workarounds such as blocking SSH, and said that the issue had already been identified and resolved in 2014.

However, an investigation the security firm conducted after the initial debacle found that versions of FortiSwitch, FortiAnalyzer and FortiCache were also affected by the same flaw.

"These versions have the same management authentication issue that was disclosed in legacy versions of FortiOS," wrote Fortinet in a new blog post, in which it reiterated that it was not a "malicious backdoor."

"As previously stated, this vulnerability is an unintentional consequence of a feature that was designed with the intent of providing seamless access from an authorized FortiManager to registered FortiGate devices," wrote Fortinet. "It is important to note, this is not a case of a malicious backdoor implemented to grant unauthorized user access."

Fortinet is attempting to distance itself from the unauthorized code found in some firewalls from rival Juniper last year. While it wasn't clear who might be responsible for that malicious code, the mere existence of two separate bugs, one allowing an external party to gain unauthorized access and the other allowing it to snoop on encrypted VPN connections, hints strongly at a state-sponsored connection.

Both Juniper and Fortinet command a sizeable niche in the area of network security, and it isn't clear that an insecure design is much more desirable than malicious code planted by top-class hackers. Still, credit should be given to Fortinet for going public with its latest findings.

For more:
- check out this blog at Fortinet
- check out this article at Ars Technica
