WTF Fortinet?

Their FortiGuard service communication (sending customer behaviour metadata to the cloud to get back threat ratings) was encrypted with a static key, used over several products. A MITM with knowledge of that key could collect data or inject responses.

Fortinet was notified in May 2018 and released the advisory now 🤯

Everything is fine in the world...
