FortiGuard SSH backdoor found in more Fortinet security appliances
Network security vendor Fortinet has identified an authentication issue that could give remote attackers administrative control over some of its products.
The issue, which was described as a FortiGuard SSH (Secure Shell) backdoor, was originally disclosed earlier this month by an anonymous researcher, who also published exploit code for it.
Last week, Fortinet said that the problem was not an intentional backdoor, but the result of a management feature which relied on an undocumented account with a hard-coded password. Additionally the company noted that the issue was fixed in FortiOS back in July 2014, after being identified as a security risk by the company’s own product security team.