Follow

WTF Fortinet?

Their FortiGuard service communication (sending customer behaviour metadata to the cloud to get back threat ratings) was encrypted with a static key, used over several products. A MITM with knowledge of that key could collect data or inject responses.

Fortinet was notified in May 2018 and released the advisory now 🤯

Everything is fine in the wold...

seclists.org/bugtraq/2019/Nov/

· SubwayTooter · 0 · 1 · 2
Sign in to participate in the conversation
INFRa Mastodon

The social network of the future: No ads, no corporate surveillance, ethical design, and decentralization! Own your data with Mastodon!