Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
fropert_FTNT
Staff
Staff

Created on ‎06-09-2015 02:40 AM

Article Id 197953

PSIRT Note: CVE-2015-1571 and Fortinet_factory certificate

Description
A recent claim by an external researcher that FortiOS 5.0.7 uses the same certificate (Fortinet_factory) and private key across different customer installations is not correct.

Every Fortinet_factory certificate is unique per unit.  The Fortinet_factory certificate is only generated on hardware based models and uses the BIOS encoded serial number which is unique in the CN field.

An official FortiGuard statement is available at the following URL in the impact note section: http://www.fortiguard.com/advisory/FG-IR-15-002/

A disputed flag has been raised with MITRE for CVE-2015-1571.

Labels:
857
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.