back to article Thought you were safe from the Fortinet SSH backdoor? Think again

Fortinet has admitted that many more of its networking boxes have the SSH backdoor that was found hardcoded into FortiOS – with FortiSwitch, FortiAnalyzer and FortiCache all vulnerable. Last week, a Python script emerged that could allow anyone to get administrator-level access to some of Fortinet's firewall devices using …

  1. This post has been deleted by its author

  2. Destroy All Monsters Silver badge
    FAIL

    "Management Authentication Issue"

    The situation whereby it's hard to authenticate management as they are all saying "it wasn't me!"

    1. Allan George Dyer Silver badge
      FAIL

      Re: "Management Authentication Issue"

      Translation:

      "wasn't a backdoor as such, we just didn't fit a lock on the front door"

    2. Halfmad

      Re: "Management Authentication Issue"

      Username: Me?

      Password: noitwashim

      Sorry, password invalid. Please try again head of information assurance.

  3. Anonymous Coward
    Anonymous Coward

    Crap

    They're spewing it, but do we have to eat it?. They are Backdoors, no matter why they were put there.

    1. Anonymous Coward
      Terminator

      Re: Crap

      Quite. Another thing that intrigued me was:

      "Following the recent SSH issue, Fortinet’s Product Security Incident Response team, in coordination with our engineering and QA teams, undertook an additional review of all of our Fortinet products,"

      So, as Fortinet Inc. has fuck all clue which of its own products have been backdoored ManagementAuthenticationIssued and has had to hurriedly audit its entire inventory to find out what's ManagementAuthenticationIssued... then who's designing/configuring their kit for them? Who the hell is Fortinet's phantom negligent system architect?

  4. Alan Brown Silver badge

    that would be the same fortinet...

    which tried to pass off Linux as its own work.

    http://www.theregister.co.uk/2005/04/29/fortinet_settles_gpl_lawsuit/

    If they tried to pull that kind of stunt once, what gives you reason to ever think they're ever trustworthy?

    1. Anonymous Coward
      Windows

      Re: that would be the same fortinet...

      But the boxes the firewalls come in are iPhone levels of shiny!

      1. Destroy All Monsters Silver badge

        Re: that would be the same fortinet...

        An AC with a logo? Interesting.

        Come to think of it, the shiny made it seem LESS trustworthy, not more. Like a guy with heavy, glittering rings on the fingers.

        1. sabroni Silver badge

          Re: that would be the same fortinet...

          An AC with a logo? Why are they hiding their posting history when posting such un-controversial stuff?

  5. Anonymous Coward
    Anonymous Coward

    Even worse

    Is the fact that you need to have a support agreement with them in order to get the update that gets rid of all these backdoors. I can understand wanting customers to pay to get new features, but getting them to pay to be safe from serious security flaws in your product - a firewall nonetheless - seems absolutely unacceptable.

    1. Anonymous Coward
      Anonymous Coward

      Re: Even worse

      Yup. I dumped their kit from two customer sites and have three more to go. It was less costly to get Netgate boxes (with support) and configure pfsense than to do the Fortinet support renewals.

  6. Velv
    Facepalm

    So, let me get this straight...

    To protect my firewall, I place it behind a firewall.

    1. Destroy All Monsters Silver badge
      Coat

      Hey, dawg! I hear you like FortiNet, so we put a firewall into your firewall so that you can backdoor while you backdoor.

  7. gerdesj Silver badge
    Windows

    pfSense lacks this feature

    How on earth is pfSense expecting to be taken seriously if they lack the security basics like a backdoor?

    I've grepped the source for "backdoor" (I even used -i) and nothing came up!

  8. Syntax Error

    Fail

    We trust these people. Another fail by the IT industry.

  9. Juan Inamillion

    Would listening to this help?

    https://www.youtube.com/watch?v=uxX18WZ6Glw

    1. Anonymous Coward
      Anonymous Coward

      Re: Would listening to this help?

      I think the Alabama Song is even more appropriate than the Back Door Man when in this "industry".

  10. Anonymous Coward
    Anonymous Coward

    Not waving, drowning

    The intern did it - Management.

  11. Anonymous Blowhard

    When is a backdoor not a backdoor?

    Fortinet explained that this wasn't a backdoor as such, but a "management authentication issue."

    So not so much a back door as a large hole in the wall where the actual door should be...

  12. CPU

    Ah, the irony of having to put a firewall in front of your firewall to protect it- nice one Fortinet ;-)

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like

Biting the hand that feeds IT © 1998–2022