Secret Backdoor Found in More Fortinet Products

Fortinet officials have warned that the recently identified backdoor in hardware sold by the company has now been found in multiple new products.

The revelation came to light when an undocumented account with a hard-coded password was posted online, along with an attack code exploiting the backdoor. Fortinet’s official response noted that the attack code only affected older versions of the company’s FortiOS software. The company added that the undocumented method for logging into servers using the secure shell (SSH) protocol was a “remote management” feature that was removed in July 2014.

However, a revised statement this week in a blog post confirmed that the backdoor was still active in several products that remain in current use. These include some versions of its FortiSwitch, FortiCache and FortiAnalyzer devices.

The company said it made the disclosure in accordance with ISO industry practices, which require companies to follow regular review processes. These include multiple tiers of inspection, third-party audits, automated triggers and internal audits, as well as review of the tools used throughout development of the source code.

Suffice it to say, backdoors are always a concern for privacy and security. Undocumented backdoors are a bigger concern still, as they enable outsiders and malicious hackers to gain unauthorized access to sensitive information in critical devices.

Backdoors have come under increasing scrutiny since Juniper's revelation that unauthorized code had been added to its NetScreen line of firewalls. One of the significant vulnerabilities from that incident was the possibility of attackers decrypting encrypted traffic passing through the firewall.

For its part, Fortinet has claimed that the backdoor in its products was not malicious in intent. However, an undocumented backdoor always represents a major vulnerability, one which can be exploited by any covert eavesdropper.

Fortinet is one of the leading providers of network security and has a significant clientele that includes a majority of the Fortune Global 100 companies, making the subject of a backdoor all the more critical.

Customers using the following products with the accompanying software versions are advised to update their software immediately.

  • FortiAnalyzer: 5.0.5 to 5.0.11 and 5.2.0 to 5.2.4 (branch 4.3 is not affected)
  • FortiSwitch: 3.3.0 to 3.3.2
  • FortiCache: 3.0.0 to 3.0.7 (branch 3.1 is not affected)
  • FortiOS 4.1.0 to 4.1.10
  • FortiOS 4.2.0 to 4.2.15
  • FortiOS 4.3.0 to 4.3.16
  • FortiOS 5.0.0 to 5.0.7
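As an added example that is not part of the article, the following Python check tests an inventory of product and version pairs against the affected ranges listed above, comparing versions numerically rather than as strings so that 5.0.11 is correctly treated as later than 5.0.5; the hostnames and inventory are constructed.

```python
# Added example, not from the article: flag inventory entries whose version falls
# inside the ranges the advisory lists. Versions are compared as integer tuples.

# Affected ranges copied from the advisory: (product, lowest affected, highest affected)
AFFECTED_RANGES = [
    ("FortiAnalyzer", "5.0.5", "5.0.11"),
    ("FortiAnalyzer", "5.2.0", "5.2.4"),
    ("FortiSwitch", "3.3.0", "3.3.2"),
    ("FortiCache", "3.0.0", "3.0.7"),
    ("FortiOS", "4.1.0", "4.1.10"),
    ("FortiOS", "4.2.0", "4.2.15"),
    ("FortiOS", "4.3.0", "4.3.16"),
    ("FortiOS", "5.0.0", "5.0.7"),
]


def parse_version(version):
    """Turn 'major.minor.patch' into a tuple of ints; reject anything else."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(p) for p in parts)


def is_affected(product, version):
    """True if (product, version) lies inside a listed range (product name is
    matched case-insensitively). False only means the advisory does not list
    that version; unlisted branches should still be checked against vendor guidance."""
    v = parse_version(version)
    return any(
        name.lower() == product.lower() and parse_version(low) <= v <= parse_version(high)
        for name, low, high in AFFECTED_RANGES
    )


def triage(inventory):
    """Given [(hostname, product, version)], return hostnames that need an update."""
    return [host for host, product, version in inventory if is_affected(product, version)]


if __name__ == "__main__":
    # Constructed inventory for demonstration; hostnames are placeholders.
    sample = [
        ("fw-edge-01", "FortiOS", "4.3.16"),        # last affected release in branch 4.3
        ("fw-edge-02", "FortiOS", "4.3.17"),        # one past the range: not listed
        ("fa-logs-01", "FortiAnalyzer", "5.0.11"),  # 11 > 5 numerically: still in range
        ("cache-01", "FortiCache", "3.1.2"),        # branch 3.1 is not affected
    ]
    for host in triage(sample):
        print(f"{host}: update required")
```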

Image credit: Twitter.