Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Bugtraq: Re: Backdoor in Fortinetīs firewall Fortigate

Re: Backdoor in Fortinetīs firewall Fortigate

From: Michael J McCafferty <mike_at_m5computersecurity.com>
Date: Thu, 2 Jun 2005 12:28:53 -0700

This is a documented feature of the FortiGate and FortiLog devices.
You must have a local serial connection. So, this is not remotely exploitble. If
someone has physical access to your firewall to make a serial connection, then
you have plenty of other problems too.

For reference:
http://kc.forticare.com/default.asp?SID=&Lang=1&id=407
http://kc.forticare.com/default.asp?id=837&Lang=1

Mike

Quoting Johan Andersson <andersson_at_one.se>:

> If you have console access to this box, you are able to get root access
> or more by using the Username: maintainer
> Password: pbcpbn[here should you type the serialnr. of the box, the
> characters should be in Capital letters.]
> FortiOS: 2.x
>
> Regards
> Johan Andersson
> Atea Security, Sweden
> Phone: +46-709-19 71 76
> Mail: johan.andersson_at_atea.com
> 

-- 
************************************************************ 
Michael J. McCafferty 
Principal, Security Engineer 
M5 Hosting
858-576-7325 Voice 
http://www.m5hosting.com 
************************************************************
----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.
Received on Jun 02 2005
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]