The latest news is really sad, and a big disappointment from Fortinet. A backdoor access has been noted, and a simple Python script has been published that shows how to exploit the access.
Here's a snapshot from the FTNT blog:
http://blog.fortinet.com/post/brief-statement-regarding-issues-found-with-fortios
So if a security company can't get it right, that makes one wonder what else they are doing that we don't know about.
To mitigate this, we need to either remove ssh from allowaccess or upgrade. If you must run SSH, then use a non-standard port, or deploy two-tier access: set up SSL VPN access first, and then allow SSH only on the SSL interface.
http://socpuppet.blogspot.com/2014/12/hardening-your-unix-ssh-server-access.html
http://socpuppet.blogspot.com/2015/03/sslvpn-sslroot-management-access.html
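One way to check a device against the mitigation above, as an added example that is not part of the original post: a short Python audit that reads a FortiOS configuration backup and reports the admin SSH port and every interface that still has ssh in allowaccess. The sample configuration is constructed, and treating `ssl.root` as the only interface allowed to carry SSH is an assumption.

```python
# Constructed FortiOS configuration backup excerpt (sample data, not from a real device).
SAMPLE_CONFIG = """\
config system global
    set admin-ssh-port 22
end
config system interface
    edit "wan1"
        set allowaccess ping https ssh
        config ipv6
            set ip6-allowaccess ping
        end
    next
    edit "internal"
        set allowaccess ping https
    next
    edit "ssl.root"
        set allowaccess ssh
    next
end
"""

def audit_ssh_exposure(config_text, allowed=("ssl.root",)):
    """Return (admin SSH port, interfaces outside `allowed` whose allowaccess has ssh)."""
    port = 22          # the backup omits admin-ssh-port when the default is in use
    exposed, stack, iface = [], [], None
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            stack.append(" ".join(words[1:]))   # track nesting, e.g. "config ipv6"
        elif words[0] == "end" and stack:
            stack.pop()
        elif stack == ["system global"] and words[:2] == ["set", "admin-ssh-port"]:
            port = int(words[2])
        elif stack == ["system interface"]:
            if words[0] == "edit":
                iface = words[1].strip('"')
            elif words[:2] == ["set", "allowaccess"] and "ssh" in words[2:]:
                if iface not in allowed:        # assumption: SSH is only wanted here
                    exposed.append(iface)
    return port, exposed

if __name__ == "__main__":
    port, exposed = audit_ssh_exposure(SAMPLE_CONFIG)
    print(f"admin SSH port: {port}" + (" (default)" if port == 22 else ""))
    for name in exposed:
        print(f"SSH management access enabled on: {name}")
```
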
Ken Felix
NSE (Network Security Expert) and Route/Switching Engineer
kfelix -----a----t---- socpuppets ---dot---com
There is no reason here to lose faith in Fortinet. They discovered this authentication vulnerability in their SSH (it's not a backdoor) over 18 months ago and corrected it.
Different SSH implementations have had a variety of different vulnerabilities over time. OpenSSH just announced one: http://www.eweek.com/security/openssh-flaw-exposes-linux-servers-to-roaming-risk.html
If you want to lose faith in a "security company" then lose faith in Juniper. They allowed a REAL backdoor to sit in their code for over three years!
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
I want to correct you. Fortinet didn't find this; a 3rd party found this backdoor from the hashed password and challenge.
It should make all wonder who else has a backdoor, or as Fortinet states, "management vulnerability".