The FortiOS has a build-in hardcoded SSH backdoor. This issue affected all FortiOS versions from 4.3.0 to 4.3.16 and 5.0.0 to 5.0.7, which cover FortiOS builds from between November 2012 and July 2014. Fortinet published a brief statement via a blog post: “This was not a “backdoor” vulnerability issue but rather a management authentication issue. The issue was identified by our Product Security team as part of their regular review and testing efforts.”
Anyone with “Fortimanager_Access” username and a hashed version of the “FGTAbc11*xy+Qqz27” password string can login into Fortinet’s FortiGate firewall.
Source: thehackernews.com
