[39063] in bugtraq
=?iso-8859-1?Q?RE=3A_Backdoor_in_Fortinet=B4s_firewall_Fortigate?=
daemon@ATHENA.MIT.EDU (Matt Gibson)
Thu Jun 2 18:24:16 2005
Content-class: urn:content-classes:message
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Date: Thu, 2 Jun 2005 12:01:32 -0700
Message-ID: <72FE7F2E68051246B961B44297180E7DE7C1@indigo.Blueedge.local>
From: "Matt Gibson" <Mattg@blueedgetech.ca>
To: "Johan Andersson" <andersson@one.se>, <bugtraq@securityfocus.com>
Content-Transfer-Encoding: 8bit
I fail to see how this is a "backdoor".
This is how one would reset their master password on the device.
Physical access always trumps all other forms of security.
Cisco routers can have their password reset if you gain physical access to them as well.
And (if nothing else), this method is not new, and is well documented by Fortigate.
Matt Gibson - GSEC FCSE
-----Original Message-----
From: Johan Andersson [mailto:andersson@one.se]
Sent: June 1, 2005 4:10 PM
To: bugtraq@securityfocus.com
Subject: Backdoor in Fortinetīs firewall Fortigate
If you have console access to this box, you are able to get root access
or more by using the Username: maintainer
Password: pbcpbn[here should you type the serialnr. of the box, the
characters should be in Capital letters.]
FortiOS: 2.x
Regards
Johan Andersson
Atea Security, Sweden
Phone: +46-709-19 71 76
Mail: johan.andersson@atea.com
