Security News > 2020 > January > Hardcoded SSH Key Found in Fortinet SIEM Appliances
2020-01-20 19:37
A hardcoded SSH public key in Fortinet's Security Information and Event Management FortiSIEM can be abused to access the FortiSIEM Supervisor.
The hardcoded SSH key is for the user 'tunneluser', is the same between installs and is also stored unencrypted in the FortiSIEM image.
The feature, Fortinet says, is meant to enable connecting to collectors from the supervisor when a firewall exists between collector and the supervisor.
Fortinet advises customers who are not using the reverse tunnel feature to disable SSH on port 19999.
The security company advises customers to also disable 'tunneluser' SSH access on port 22.