Security researcher found a hardcoded SSH Key in Fortinet SIEM appliances

Security researcher Andrew Klaus, from Cybera, discovered a hardcoded SSH public key in Fortinet’s Security Information and Event Management FortiSIEM that can be used in order to generate a denial of service against the FortiSIEM Supervisor. Fortinet devices share the same SSH key for the user ‘tunneluser‘, and it is stored in plain text [1]: […]