Hard-Coded Password Backdoor to Fortinet Firewalls Leaked


Enterprise security firm Fortinet is the latest company with a potentially large security breach. Find out if this affects you and what to do to stay protected.

What Happened?

According to an anonymous security researcher, code discovered in the FortiOS operating system includes an SSH backdoor that can be used to access the FortiGate firewall networking equipment. This exploit code has been making its rounds on the Internet, helping hackers potentially gain access to the backdoor’s password and thereby allowing remote access control.

Products that Were Affected

The following products were affected by this breach:

  • FortiOS 4.3.0 to 4.3.16
  • FortiOS 5.0.0 to 5.0.7

Currently supported branches (FortiOS 5.2 and 5.4) were not affected.

Next Steps

Fortinet recommends immediately updating any affected FortiOS products. For more information, please refer to Fortinet’s brief statement about the breach.