Bugtraq mailing list archives
Re: Backdoor in Fortinet´s firewall Fortigate
From: Derek Martin <code () pizzashack org>
Date: Fri, 3 Jun 2005 14:08:07 -0400
On Thu, Jun 02, 2005 at 12:28:53PM -0700, Michael J McCafferty wrote:
> This is a documented feature of the FortiGate and FortiLog devices. You must have a local serial connection. So, this is not remotely exploitable. If someone has physical access to your firewall to make a serial connection, then you have plenty of other problems too.
While this is definitely so, in the real world we do not always have complete control over who has physical access to our devices. We may, for example, have co-located devices in a facility managed by some other entity.

Some PC manufacturers have a jumper on the motherboard which can be used to reset BIOS passwords/defaults, which requires that the machine be taken out of service in order to be reset (or tampered with). I think this is a much better model for device recovery than a default password on a console login... We are probably a lot more likely to notice our firewall being taken out of service than we are to notice someone tampering with the console...

--
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0x81CFE75D
Current thread:
- Backdoor in Fortinet´s firewall Fortigate Johan Andersson (Jun 02)
- Re: Backdoor in Fortinet´s firewall Fortigate Michael J McCafferty (Jun 02)
- Re: Backdoor in Fortinet´s firewall Fortigate Derek Martin (Jun 03)
- <Possible follow-ups>
- RE: Backdoor in Fortinet´s firewall Fortigate Matt Gibson (Jun 02)
- Re: Backdoor in Fortinet´s firewall Fortigate Michael J McCafferty (Jun 02)