CVE-2019-6693 PoC — Fortinet FortiOS Trust Management Issue Vulnerability

Associated Vulnerability
Title: Fortinet FortiOS Trust Management Issue Vulnerability (CVE-2019-6693)
Description: Use of a hard-coded cryptographic key to cipher sensitive data in FortiOS configuration backup file may allow an attacker with access to the backup file to decipher the sensitive data, via knowledge of the hard-coded key. The aforementioned sensitive data includes users' passwords (except the administrator's password), private keys' passphrases and High Availability password (when set).
Readme
# CVE-2019-6693

Have you changed your default FortiGate encryption keys? Run this script and find out! You can provide the entire configuration file dump or individual encrypted values. If a decrypted value is readable (for example, it forms a word) rather than complete nonsense, the encryption key has likely been left at its default.
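A defender-side companion to the configuration-file mode described above, added here as an example and not part of the original repository: it lists which settings in a backup are stored as `ENC` values, without decrypting anything, so you know which secrets to rotate if the file was exposed. The sample configuration, its placeholder values and the function name `inventory_enc_fields` are constructed for illustration.

```python
import re

# Constructed sample in FortiOS backup syntax; ENC values are placeholders, not real ciphertext.
SAMPLE_CONF = '''\
config system ha
    set group-name "cluster1"
    set password ENC PLACEHOLDERhaAAAA==
end
config user local
    edit "alice"
        set type password
        set passwd ENC PLACEHOLDERaliceAAAA==
    next
    edit "bob"
        set type ldap
    next
end
config vpn ipsec phase1-interface
    edit "branch"
        set psksecret ENC PLACEHOLDERpskAAAA==
    next
end
'''

ENC_RE = re.compile(r'^set\s+(\S+)\s+ENC\s+(\S+)')

def inventory_enc_fields(conf_text):
    """Return (section, entry, field) for every 'set <field> ENC <value>' line."""
    found, stack = [], []  # stack holds ("config" | "edit", name) frames
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(("config", line[len("config "):]))
        elif line.startswith("edit "):
            stack.append(("edit", line[len("edit "):].strip('"')))
        elif line in ("next", "end"):
            if stack:
                stack.pop()  # "next" closes an edit block, "end" closes a config block
        else:
            m = ENC_RE.match(line)
            if m:
                section = " / ".join(n for k, n in stack if k == "config")
                entry = next((n for k, n in reversed(stack) if k == "edit"), None)
                found.append((section, entry, m.group(1)))
    return found

if __name__ == "__main__":
    for section, entry, field in inventory_enc_fields(SAMPLE_CONF):
        print(f"{section} [{entry or '-'}] {field}: stored as ENC, rotate if the backup was exposed")
```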

## Installation

```bash
git clone https://github.com/Real4XoR/cve-2019-6693.git
cd cve-2019-6693
pip3 install -r requirements.txt
```

## Usage

Provide the entire `.conf` configuration file:

```bash
python3 cve-2019-6693.py --config <File>.conf
```

You can also provide just the encrypted string:

```bash
python3 cve-2019-6693.py --string <ENC String>
```

## Kudos

Rework of the below script to make it do a few more things.

https://github.com/saladandonionrings/cve-2019-6693
File Snapshot

[4.0K] /data/pocs/bbf9221c17c7fff42d8ea1197e043a0c2aa486c5
├── [3.3K] cve-2019-6693.py
├── [ 793] README.md
└── [  20] requirements.txt

0 directories, 3 files