Fortinet Firewalls – Hardcoded Password Backdoor Leaked

By | January 12, 2016

Many large organisations use Fortinet firewalls.

An anonymous security researcher has discovered highly suspicious code in FortiOS, the firewall operating system from enterprise security vendor Fortinet. Last month, security researchers reported security issues in Juniper firewalls.

According to the security researcher, this security hole affects older versions of Fortinet’s FortiOS operating system and allows attackers to gain unauthorized access to vulnerable devices, but the vendor says it is not a malicious backdoor.

Anyone with the “Fortimanager_Access” username and a hashed version of the “FGTAbc11*xy+Qqz27” password string, which is hard-coded into the firewall, can log in to Fortinet’s FortiGate firewall networking equipment.

According to the company, however, this SSH user was created for a challenge-and-response authentication routine for logging into Fortinet’s servers with the secure shell (SSH) protocol.

The issue affected all FortiOS versions from 4.3.0 to 4.3.16 and from 5.0.0 to 5.0.7, which covers FortiOS builds released between November 2012 and July 2014.

Researchers posted the exploit code, with a full description, to a mailing list this week; it is helping wannabe hackers generate the backdoor’s dynamic password. They also posted a screenshot as confirmation.

According to the explanation, use of this backdoor account does not appear in the device’s access logs.

Fortinet did not release any advisory for this vulnerability at the time it was patched. In an advisory published on Tuesday, the company provided the following workarounds: disable SSH admin access on all interfaces, or restrict SSH access to authorised IP addresses.
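The affected version ranges and the first workaround can be checked against a device inventory. The script below is an added example, not code from Fortinet or the researchers: it assumes a plain `major.minor.patch` version string and a FortiOS configuration backup in its `config`/`edit`/`set` text form, and the sample configuration is constructed. It reports where SSH admin access is still enabled and does not verify IP restrictions.

```python
AFFECTED = [((4, 3, 0), (4, 3, 16)), ((5, 0, 0), (5, 0, 7))]  # ranges from the article

def is_affected(version):
    """True if a 'major.minor.patch' FortiOS version lies in an affected range."""
    parts = tuple(int(p) for p in version.strip().split("."))
    if len(parts) != 3:
        raise ValueError("expected major.minor.patch, got %r" % version)
    return any(lo <= parts <= hi for lo, hi in AFFECTED)

def ssh_interfaces(config_text):
    """Names of interfaces whose 'set allowaccess' line includes ssh."""
    exposed, depth, name = [], 0, None
    for raw in config_text.splitlines():
        tok = raw.split() or [""]
        if tok[0] == "config":
            if depth:                      # nested block such as 'config ipv6'
                depth += 1
            elif tok[1:] == ["system", "interface"]:
                depth = 1
        elif tok[0] == "end" and depth:
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            name = " ".join(tok[1:]).strip('"')
        elif depth == 1 and tok[:2] == ["set", "allowaccess"] and "ssh" in tok[2:]:
            exposed.append(name)
    return exposed

# Constructed sample backup; the interface names are made up for illustration.
SAMPLE_CONFIG = """\
config system interface
    edit "wan1"
        set allowaccess ping https ssh
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "internal"
        set allowaccess ping https
    next
    edit "mgmt"
        set allowaccess ssh
    next
end
"""

if __name__ == "__main__":
    print("5.0.7 affected:", is_affected("5.0.7"))
    print("SSH admin access enabled on:", ssh_interfaces(SAMPLE_CONFIG))
```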
