
Fortinet removes SSH and database backdoors from its SIEM product - LinuxBender
https://www.zdnet.com/article/fortinet-removes-ssh-and-database-backdoors-from-its-siem-product/
======
grammarxcore
I misinterpreted the title. Fortinet has removed backdoors from SSH and
databases in its product. Granted, I'm genuinely surprised any security
program has this feature:

> "FortiSIEM has a hardcoded SSH public key for user 'tunneluser' which is the
> same between all installs," said Andrew Klaus, the security researcher who
> identified this issue.

What other horrible assumptions have been hardcoded into this product that we
have yet to discover?

------
musicale
Bummer. Now it will be slightly harder to block these monstrosities and the
idiots who want to buy them.

------
java-man
They removed a feature.

Somebody coded this in, code has been reviewed, managers approved the time
spent on this, meetings held, etc. There is a git commit (or CVS, who knows)
with the name and a ticket number.

Right now there are probably urgent meetings being held between the interested
parties to re-introduce a similar access feature back to the code base, using
maybe a password derived from an IP address or serial number.

