Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: RE: Backdoor in Fortinetīs firewall Fortigate

RE: Backdoor in Fortinetīs firewall Fortigate

From: Matt Gibson <Mattg_at_blueedgetech.ca>
Date: Thu, 2 Jun 2005 12:01:32 -0700

I fail to see how this is a "backdoor".

This is how one would reset their master password on the device.

Physical access always trumps all other forms of security.

Cisco routers can have their password reset if you gain physical access to them as well.

And (if nothing else), this method is not new, and is well documented by Fortigate.

Matt Gibson - GSEC FCSE

-----Original Message-----
From: Johan Andersson [mailto:andersson_at_one.se]
Sent: June 1, 2005 4:10 PM
To: bugtraq_at_securityfocus.com
Subject: Backdoor in Fortinetīs firewall Fortigate

If you have console access to this box, you are able to get root access
or more by using the Username: maintainer
Password: pbcpbn[here should you type the serialnr. of the box, the
characters should be in Capital letters.]
FortiOS: 2.x

Regards
Johan Andersson
Atea Security, Sweden
Phone: +46-709-19 71 76
Mail: johan.andersson_at_atea.com
Received on Jun 02 2005

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]