Use of a hard-coded cryptographic key to cipher sensitive data in configuration backup files
Use of a hard-coded cryptographic key to encrypt sensitive data in FortiOS configuration backup files may allow an attacker with access to a backup file to decrypt that sensitive data, since the key is the same on every device and can be recovered from the firmware.
The sensitive data concerned includes users' passwords (except the administrator's password), private keys' passphrases and the High Availability (HA) password (when set).
Affected versions: FortiOS 5.6.10 and below; FortiOS 6.0.6 and below.
In FortiOS 5.6.11, 6.0.7 and 6.2.1 and above, admins can choose to be prompted for a password, which FortiOS then uses to encrypt the sensitive data in the configuration file. The following CLI steps enable this option:
#config system global
# set private-data-encryption enable
Please type your private data encryption key (32 hexadecimal numbers):
Please re-enter your private data encryption key (32 hexadecimal numbers) again:
This CLI option is disabled by default; until it is enabled, backups continue to be protected only by the hard-coded key.
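As an added illustration (not Fortinet's code, and not FortiOS's actual cipher or file format), the following Python contrasts the two key-management models the advisory describes: sealing backup fields under a firmware-wide key that anyone holding the file can obtain, versus sealing them under the admin-supplied 32-hex-digit private data encryption key. FIRMWARE_KEY is a constructed placeholder, the sample fields are constructed, and the HMAC-based keystream is a toy used only to make the key-handling difference observable.

```python
import hashlib
import hmac
import re

# The CLI prompt asks for "32 hexadecimal numbers": a 128-bit key written as 32 hex digits.
_HEX32 = re.compile(r"[0-9a-fA-F]{32}")

def valid_private_data_key(key_hex: str) -> bool:
    """True only for exactly 32 hexadecimal digits, the format the prompt requires."""
    return _HEX32.fullmatch(key_hex) is not None

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy keystream (HMAC-SHA256 in counter mode): NOT FortiOS's cipher, not for deployment.
    out = bytearray()
    block = 0
    while len(out) < length:
        out += hmac.new(key, nonce + block.to_bytes(4, "big"), hashlib.sha256).digest()
        block += 1
    return bytes(out[:length])

def seal(data: bytes, key_hex: str, nonce: bytes) -> bytes:
    """XOR data with the keystream; calling it again with the same key reverses it."""
    ks = _keystream(bytes.fromhex(key_hex), nonce, len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

# Constructed placeholder for a key baked into firmware: every copy of the firmware
# carries it, so anyone who obtains the backup file effectively has the key too.
FIRMWARE_KEY = "00112233445566778899aabbccddeeff"

def backup_with_hardcoded_key(fields: dict, nonce: bytes) -> dict:
    """Vulnerable model: sensitive fields sealed under the firmware-wide key."""
    return {name: seal(value, FIRMWARE_KEY, nonce) for name, value in fields.items()}

def backup_with_admin_key(fields: dict, admin_key_hex: str, nonce: bytes) -> dict:
    """Fixed model: the admin-supplied private-data-encryption key seals the fields."""
    if not valid_private_data_key(admin_key_hex):
        raise ValueError("private data encryption key must be 32 hexadecimal digits")
    return {name: seal(value, admin_key_hex, nonce) for name, value in fields.items()}

def recover(backup: dict, key_hex: str, nonce: bytes) -> dict:
    """What a holder of the backup file gets back with the key they know."""
    return {name: seal(blob, key_hex, nonce) for name, blob in backup.items()}

if __name__ == "__main__":
    fields = {"user_password": b"hunter2", "ha_password": b"ha-secret"}  # constructed sample
    nonce = b"backup-nonce"
    print(recover(backup_with_hardcoded_key(fields, nonce), FIRMWARE_KEY, nonce) == fields)  # True
    admin = backup_with_admin_key(fields, "0123456789abcdef0123456789abcdef", nonce)
    print(recover(admin, FIRMWARE_KEY, nonce) == fields)  # False
```

The second print is the whole point of the fix: once the admin key is in use, possession of the backup file plus knowledge of the firmware key no longer yields the protected fields.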
Fortinet is very pleased to thank Bart Dopheide (email@example.com) as well as the independent research team of Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev for reporting this vulnerability under responsible disclosure and for helping us make our products more secure.