November 26, 2019 07:30 pm

Some Fortinet Products Shipped With Hardcoded Encryption Keys

Fortinet, a vendor of cyber-security products, took between 10 and 18 months to remove a hardcoded encryption key from three products that were exposing customer data to passive interception. From a report: The hardcoded encryption key was found inside the FortiOS for FortiGate firewalls and the FortiClient endpoint protection software (antivirus) for Mac and Windows. These three products used a weak encryption cipher (XOR) and hardcoded cryptographic keys to communicate with various FortiGate cloud services. The hardcoded keys were used to encrypt user traffic for the FortiGuard Web Filter feature, FortiGuard AntiSpam feature, and FortiGuard AntiVirus feature. A threat actor in a position to observe a user or a company's traffic would have been able to take the hardcoded encryption keys and decrypt this weakly encrypted data stream.



Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/u0ykdmu5gNs/some-fortinet-products-shipped-with-hardcoded-encryption-keys
