Slashdot Mirror


FortiGuard SSH Backdoor Found In More Fortinet Security Appliances (fortinet.com)

itwbennett writes: Earlier this month, an SSH backdoor was identified in Fortinet firewall appliances. Last week, the company said that the problem was not an intentional backdoor, but the result of a management feature which relied on an undocumented account with a hard-coded password. Now, it has found that the same issue also exists in some versions of FortiSwitch, FortiAnalyzer and FortiCache. They said, "In accordance with responsible disclosure, today we have issued a security advisory that provides a software update that eliminates this vulnerability in these products. This update also covers the legacy and end-of-life products listed above. We are actively working with customers and strongly recommend that all customers using [those] products update their systems with the highest priority."

1 of 41 comments

  1. What the hell? by gstoddart · · Score: 4, Insightful

    Last week, the company said that the problem was not an intentional backdoor, but the result of a management feature which relied on an undocumented account with a hard-coded password

    Dear god, this company makes security products???

    This is so crazy stupid it isn't even funny.

    It's a backdoor, no matter what you call it. An undocumented account with a hard-coded password is the very definition of a backdoor.

    This is just PR spin. It's a backdoor, and pretending otherwise is bullshit.

    --
    Lost at C:>. Found at C.