Certain versions of Fortinet firewalls are vulnerable due to authentication leak

In certain versions of the FortiOS operating system, which is present on Fortinet firewalls, an authentication leak is said to exist. This could allow an attacker to gain access to the device. The security company disputes that it is a backdoor.

According to several Twittermessages the vulnerability would be a backdoor. The messages come from, among others, security researcher Ralf-Philipp Weinmann, who previously published reports about the leak in Juniper firewalls. The vulnerability came to the fore after a python exploit appeared in a mailing list. According to Ars Technica, this would use a preprogrammed password, FGTAbc11*xy+Qqz27, with which an attacker can establish an ssh connection. Other Resources to write that a variable is created, on the basis of which an authentication key is generated.

According to Fortinet, however, it is not a backdoor, but a ‘management authentication issue’. According to the company, the vulnerability appears in versions 4.3.0 to 4.3.16 and 5.0.0 to 5.0.7 of FortiOS. This will be announced in a security advisory. The leak is also said to have been fixed in July 2014. This means that only devices using an outdated version of the FortiOS software are vulnerable. It is therefore strongly recommended to perform an update.

In addition, according to Fortinet, there is no question that the vulnerability ‘results from the malicious intentions of internal or external parties’. With this, the company seems to want to counter the appearance that someone intentionally wanted to allow access to the firewalls. The same suspicions were also raised with the recent leak in Juniper firewalls.