"Management Authentication Issue"
The situation whereby it's hard to authenticate management as they are all saying "it wasn't me!"
Fortinet has admitted that many more of its networking boxes have the SSH backdoor that was found hardcoded into FortiOS – with FortiSwitch, FortiAnalyzer and FortiCache all vulnerable. Last week, a Python script emerged that could allow anyone to get administrator-level access to some of Fortinet's firewall devices using …
This post has been deleted by its author
Quite. Another thing that intrigued me was:
"Following the recent SSH issue, Fortinet’s Product Security Incident Response team, in coordination with our engineering and QA teams, undertook an additional review of all of our Fortinet products,"
So, as Fortinet Inc. has fuck all clue which of its own products have been
backdoored ManagementAuthenticationIssued and has had to hurriedly audit its entire inventory to find out what's ManagementAuthenticationIssued... then who's designing/configuring their kit for them? Who the hell is Fortinet's phantom negligent system architect?
Is the fact that you need to have a support agreement with them in order to get the update that gets rid of all these backdoors. I can understand wanting customers to pay to get new features, but getting them to pay to be safe from serious security flaws in your product - a firewall nonetheless - seems absolutely unacceptable.
Biting the hand that feeds IT © 1998–2022