Posted on 01/13/2016 6:18:43 PM PST by Utilizer
Firewall vendor FortiNet has denied that the FortiGate OS operating system that runs its devices comes with a backdoor, despite a researcher purportedly posting proof of concept code on a security mailing list.
Over the weekend, a Python script was posted anonymously, which appeared to allow remote access to Fortinet devices over the Secure Shell protocol. The post disclosed a passord hard-coded into the FortiGate OS.
The password is said to work on FortiOS version 4.x to 5.0.7, and a screenshot was posted on Twitter, allegedly showing that the script for the backdoor is working, providing remote access to Fortinet devices.
However, the vendor issued a statement denying the vulnerability is found in any versions of its firewall operating system released after July 2014.
"The recent issue that was disclosed publicly was resolved and a patch was made available in July 2014 as part of Fortinet's commitment to ensuring the quality and integrity of our codebase.
(Excerpt) Read more at itnews.com.au ...
“These are not the droids you seek” denial.
This company is all Chinese in Sunnyvale, CA. I won’t be surprised that firewall is open for China defense researchers .
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.