FWIW: I wrote an article describing the finding of the one key on
https://medium.com/@bart.dopheide/decrypting-fortigate-passwords-cve-2019-6693-1239f6fd5a61.
I found 1 way, yet tried many. (The story does not talk about all the
failed paths.) If you...
https://fortiguard.com/psirt/FG-IR-19-007 - There is actually a static
encryption key, or "hard-coded key" as Fortinet calls it. It was quite a
struggle finding the one key in the firmware and actually quite useless
(since I already described how to ...
Mr.J wrote:just to have it checked. I have tested this with some other
"encrypted" password (e.g. admin, localuser, OSPF, snmpuser,
certificate) on the FortiGate. This seems only be possible with
pre-shared keys and SSID passphrases. Can you elaborat...
I did get you wrong then. No problem. Let me reshow it then: Method 1:1)
Log in into the web-interface as a (super?) admin. 2) Change your
url/path to https://your-fortigate-ip...?plain-text-password=1 3)
Firefox understands the JSON reply. I hope yo...
Well, someone from FTNT authorized my post. Furthermore, we already know
that the psksecret has to be stored with reversible encryption (not
hashing). If you do not believe me, check cookbook
https://cookbook.fortinet.com/encryption-hash-used-by-fort...