There was a recent FortiGate SSL VPN vulnerability, commonly referred to as FortiBleed, disclosed by Fortinet. You can verify under the SSL VPN setting if it's explicitly enabled. The Fortinet PSIRT advisory also outlined the mitigation steps and required software patch to address the said vulnerability.
FGT # config vpn ssl settings
FGT (settings) # show
config vpn ssl settings
set banned-cipher SHA1 SHA256 SHA384
set servercert ''
set port 443
end
FGT(settings) # set status
enable Enable Agentless VPN.
disable Disable Agentless VPN.
Per the Fortinet Tech Tip, starting FortiOS 7.2.11 and above use PBKDF2 for hashing the local admin password. You can confirm this with the "ENC PB2" used in the password encryption. Prior to 7.2.11, it uses SHA256.
FGT (global) # config system admin
FGT (admin) # edit "fw-admin"
FGT (fw-admin) # show
config system admin
edit "fw-admin"
set vdom "root"
set accprofile "super_admin"
set password ENC PB2abcdOMd71rT5MBTtJ2QTOmeb8M3Q4KglpTwQTCP/q5Xg06bEjO4FGR9TvjeAFa+BgL6JRv9vrq0GHL93u8kbt8QoWtvZV0pvMoUqI123456=
next
end
No comments:
Post a Comment