Last month, a significant finding in Fortinet devices was discovered and published. When I say significant, I mean huge: Multiple Products SSH Undocumented Login Vulnerability. In other words, there is an undocumented username/password combination that SSH accepts on every device running an affected firmware version. If you are still running an affected version, you NEED to upgrade now! This is bad in so many ways, especially coming right after the similar issues with Juniper and everything we have seen from Snowden's data dumps. Fortinet responded by saying "This was not a 'backdoor' vulnerability issue but rather a management authentication issue."
Is that right? What is a "backdoor" and what is "management authentication"? Is there an actual difference between the two, or is it just a vendor trying to save its butt? I got into a discussion about that on twitter:
@rnelson0 @discoposse @mdowd I am not sure I understand? Are you saying to qualify as a backdoor it must be robust to system changes?
— Ethan Heilman (@Ethan_Heilman) January 12, 2016
Ethan challenged me to think about the terminology and I think I’ve come around a bit. Here’s what I now believe the two terms mean.