From PC World: Network security vendor Fortinet has identified an authentication issue that could give remote attackers administrative control over some of its products.
The issue, which was described as a FortiGuard SSH (Secure Shell) backdoor, was originally disclosed earlier this month by an anonymous researcher, who also published exploit code for it.
Last week, Fortinet said that the problem was not an intentional backdoor, but the result of a management feature which relied on an undocumented account with a hard-coded password. Additionally the company noted that the issue was fixed in FortiOS back in July 2014, after being identified as a security risk by the company's own product security team.
FortiOS is the operating system that runs on Fortinet's FortiGuard network firewall appliances. The versions patched in 2014 were FortiOS 4.3.17 and FortiOS 5.0.8, while the newer 5.2 and 5.4 branches have never been affected.
View: Article @ Source Site
