| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <1117740533.429f5df5354e4@webmail.m5computersecurity.com> Date: Thu, 2 Jun 2005 12:28:53 -0700 From: Michael J McCafferty <mike@...omputersecurity.com> To: Johan Andersson <andersson@....se>, bugtraq@...urityfocus.com Subject: Re: Backdoor in FortinetĀ“s firewall Fortigate This is a documented feature of the FortiGate and FortiLog devices. You must have a local serial connection. So, this is not remotely exploitble. If someone has physical access to your firewall to make a serial connection, then you have plenty of other problems too. For reference: http://kc.forticare.com/default.asp?SID=&Lang=1&id=407 http://kc.forticare.com/default.asp?id=837&Lang=1 Mike Quoting Johan Andersson <andersson@....se>: > If you have console access to this box, you are able to get root access > or more by using the Username: maintainer > Password: pbcpbn[here should you type the serialnr. of the box, the > characters should be in Capital letters.] > FortiOS: 2.x > > Regards > Johan Andersson > Atea Security, Sweden > Phone: +46-709-19 71 76 > Mail: johan.andersson@...a.com > -- ************************************************************ Michael J. McCafferty Principal, Security Engineer M5 Hosting 858-576-7325 Voice http://www.m5hosting.com ************************************************************ ---------------------------------------------------------------- This message was sent using IMP, the Internet Messaging Program.
Powered by blists - more mailing lists