Fortinet Backdoor

I think it may be time for the InfoSec community to collectively send a message. Backdoors are not OK. Backdoors with hardcoded passwords are even worse, and saying you fixed a backdoor when all you did was obscure it with port knocking is the last straw.

Fortinet has claimed their 'feature' is fixed; however, the hardcoded password is still there. It's FGTAbc11*xy+Qqz27, by the way. Search the code for it.

So the "issue" is no longer exposed, but the hardcoded password is still there? Uh, can't get to SSH? Well, why leave it in? The only reason I can think of is that they still plan to use it. If they do, the first thought I had is that they must now be relying on port knocking, right? I figure someone will figure this out and let us know soon.

So here is where the community needs to step up and say this is not acceptable. We should do it by recommending that everyone jump ship and drop Fortinet products completely. Stop selling it, stop recommending it, stop servicing it. If you have it in your environment, REPLACE IT! That's it. That's the only way this message will get across.