Hardcoded symmetric key in fips.c
Summary
Use of a hard-coded cryptographic key to encrypt password data in CLI configuration in FortiOS, FortiManager and FortiAnalyzer may allow an attacker with access to the CLI configuration or the CLI backup file to decrypt the sensitive data, via knowledge of the hard-coded key.
Affected Products
CVE-2019-6693: FortiOS 6.2.0, 6.0.0 to 6.0.6, 5.6.10 and below.
(impacts all credential data of type "ENC" in FortiOS CLI configuration except the administrator's password)
CVE-2020-9289: FortiManager 6.2.4 and below
(impacts all credential data of type "ENC" in FortiManager CLI configuration)
CVE-2020-9289: FortiAnalyzer 6.2.3 and below
(impacts all credential data of type "ENC" in FortiAnalyzer CLI configuration)
If the CLI configuration is exposed (a typical example is a configuration willingly posted on a forum for troubleshooting purposes), it is possible to decrypt the encrypted ENC type data to plaintext using this hard-coded cryptographic key. The same applies to the system backup file, if it is not password protected.
Solutions
FortiOS: In versions 5.6.11 and above, 6.0.7 and above, and 6.2.1 and above, administrators can choose to be prompted for a password, which is then used by FortiOS to encrypt sensitive data in the configuration file.
The following steps enable this option:
config system global
set private-data-encryption enable /* disabled by default */
end

FortiManager: Upgrade to FortiManager 6.2.5 or above and enable the following newly introduced CLI setting, to prompt for a user-defined cryptographic key; the user-defined key will then be used to cipher ENC type data in the configuration:
configure system global
set private-data-encryption enable /* disabled by default */
end

FortiAnalyzer: Upgrade to FortiAnalyzer 6.2.4 or above and enable the following newly introduced CLI setting, to prompt for a user-defined cryptographic key; the user-defined key will then be used to cipher ENC type data in the configuration:
configure system global
set private-data-encryption enable /* disabled by default */
end
Workaround: Always use a password to protect the system configuration file when performing backups.
The impacted ENC type data in CLI configuration, if exposed, should currently be considered "easy to decrypt" by potential attackers. Thus, avoid exposing the configuration through unsafe and/or public channels (forums, etc.).

Note: Enabling private-data-encryption on FortiGates that are centrally managed by a FortiManager or are in High Availability mode may lead to some bugs, including install errors on the FortiManager side and split-brain. This issue is fixed in FortiManager versions 6.2.7 and above and in FortiGate versions 6.2.6, 6.4.4, 6.6.0 and above.

Moreover, it can be verified that the user-provided key is the same on the FortiManager and FortiGate sides by executing the commands below:
FortiGate-201E # exec private-encryption-key sample
FortiGate-201E # exec private-encryption-key verify
Verification passed.
Note:
FIPS-CC devices are not impacted as the encryption method is overridden.
Revision History:
11-19-2019 Initial Version
06-11-2020 Add FortiManager CVE-2020-9289
06-30-2020 Add FortiAnalyzer CVE-2020-9289
11-13-2020 Update Solution section
02-22-2024 Add FIPS-CC note
Acknowledgement
Fortinet is pleased to thank Bart Dopheide (bart.dopheide@axians.com) for reporting CVE-2019-6693 as well as independent research team Denis Kolegov, Maxim Gorbunov, Nikita Oleksov and Anton Nikolaev for reporting CVE-2019-6693 and CVE-2020-9289 under responsible disclosure.
Timeline
2020-06-30: Initial publication