CVE-2019-6693 PoC — Fortinet FortiOS 信任管理问题漏洞

Source

https://github.com/synacktiv/CVE-2020-9289

Associated Vulnerability

Title:Fortinet FortiOS 信任管理问题漏洞 (CVE-2019-6693)
Description:Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).

Description

Decrypt reversible secrets encrypted using the default hardcoded key related to CVE-2020-9289 on FortiAnalyzer/FortiManager (the only difference with CVE-2019-6693 is the encryption routine).

Readme

# Decrypt FortiManager configuration secrets (CVE-2020-9289)

CVE-2020-9289 and CVE-2019-6693 are related to the same default and hardcoded key.

The only differences on the decryption routine implemented in FortiManager/FortiAnalyzer are:

- The IV handling (all the 16 bytes are provided before the encrypted data from digits).
- The last encrypted block is stripped from the output so it needs junk to be appended then removed from the cleartext.

See https://www.fortiguard.com/psirt/FG-IR-19-007 for more details.

File Snapshot


 [4.0K]  /data/pocs/7d3b76344a33d458106f92373bcb661afb93fd44
├── [1.2K]  cve-2020-9289.py
├── [ 520]  README.md
└── [  22]  requirements.txt

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!