Fortinet backdoor

jukoz ::
http://arstechnica.com/security/2016/01...
"The suspicious code contains a challenge-and-response authentication routine for logging into servers with the secure shell (SSH) protocol."
"Researchers were able to unearth a hard-coded password of "FGTAbc11*xy+Qqz27" ..."
"In a statement, Fortinet officials rejected the backdoor characterization."
They do have a nice Python script, though =)

SeMiNeSanja ::
And just yesterday I wrote that it isn't fair that Juniper is now being nailed to the cross, because something similar can happen to anyone in the industry..... there you go, we already have the next case.

jukoz ::
Their previous statement:
"This was not a "backdoor" vulnerability issue but rather a management authentication issue."
It looks like they have a few more cases of a "management authentication issue"
Article:
http://arstechnica.com/security/2016/01...
Original post:
http://blog.fortinet.com/post/ssh-issue...
"In accordance with responsible disclosure, today we have issued a security advisory that provides a software update that eliminates this vulnerability in these products. This update also covers the legacy and end-of-life products listed above. We are actively working with customers and strongly recommend that all customers using the following products update their systems with the highest priority:
FortiAnalyzer: 5.0.5 to 5.0.11 and 5.2.0 to 5.2.4 (branch 4.3 is not affected)
FortiSwitch: 3.3.0 to 3.3.2
FortiCache: 3.0.0 to 3.0.7 (branch 3.1 is not affected)
FortiOS 4.1.0 to 4.1.10
FortiOS 4.2.0 to 4.2.15
FortiOS 4.3.0 to 4.3.16
FortiOS 5.0.0 to 5.0.7
"
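
The affected-version list quoted in the post above, turned into an inventory check. This is an added example, not part of the thread or of Fortinet's advisory; the hostnames and inventory are constructed. Versions are compared as integer tuples because a plain string comparison would place 5.0.10 outside the range 5.0.5 to 5.0.11.

```python
# Affected ranges copied from the advisory quoted above (inclusive bounds).
AFFECTED = {
    "FortiAnalyzer": [("5.0.5", "5.0.11"), ("5.2.0", "5.2.4")],
    "FortiSwitch": [("3.3.0", "3.3.2")],
    "FortiCache": [("3.0.0", "3.0.7")],
    "FortiOS": [("4.1.0", "4.1.10"), ("4.2.0", "4.2.15"),
                ("4.3.0", "4.3.16"), ("5.0.0", "5.0.7")],
}


def parse_version(text):
    """Turn '5.0.11' into (5, 0, 11) so components compare numerically."""
    parts = text.strip().lstrip("vV").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(product, version):
    """True if version lies inside any inclusive range listed for product."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED.get(product, []))


def triage(inventory):
    """Return (hosts to update first, hosts whose version could not be read)."""
    update, unknown = [], []
    for host, product, version in inventory:
        try:
            if is_affected(product, version):
                update.append(host)
        except ValueError:
            unknown.append(host)  # check by hand rather than skip silently
    return update, unknown


# Constructed sample inventory (hostnames and versions are made up).
INVENTORY = [
    ("fw-edge-1", "FortiOS", "5.0.7"),         # upper bound, still affected
    ("fw-edge-2", "FortiOS", "5.0.8"),         # just past the listed range
    ("faz-1", "FortiAnalyzer", "5.0.10"),      # needs numeric comparison
    ("faz-2", "FortiAnalyzer", "4.3.8"),       # branch 4.3 is not affected
    ("fc-1", "FortiCache", "3.1.0"),           # branch 3.1 is not affected
    ("fw-old", "FortiOS", "unknown"),          # unreadable version string
]

if __name__ == "__main__":
    print(triage(INVENTORY))
```

A product missing from the table returns False, which only means it is not in the quoted list.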