Use of hardcoded credentials for communication between Meru access points and FortiWLC

2018-05-0400:00:00

FortiGuard Labs

www.fortiguard.com

0.002 Low

EPSS

Percentile

60.3%

JSON

FortiWLC included two hardcoded accounts which were used by Meru Access Points to report core dumps; these accounts had read/write privileges over various parts of the system.
Starting with FortiWLC 7.0.13 and FortiWLC 8.4.0, the accounts are now completely removed and do not persist over firmware upgrade.

CPENameOperatorVersion
fortiwlceq8.3.3
fortiwlceq8.3.2
fortiwlceq8.3.1
fortiwlceq8.3.0
fortiwlceq8.2.7
fortiwlceq8.2.6
fortiwlceq8.2.5
fortiwlceq8.2.4
fortiwlceq8.1.3
fortiwlceq8.1.2

Name	Operator	Version
fortiwlc	eq	8.3.3
fortiwlc	eq	8.3.2
fortiwlc	eq	8.3.1
fortiwlc	eq	8.3.0
fortiwlc	eq	8.2.7
fortiwlc	eq	8.2.6
fortiwlc	eq	8.2.5
fortiwlc	eq	8.2.4
fortiwlc	eq	8.1.3
fortiwlc	eq	8.1.2

Rows per page:

1-10 of 151

0.002 Low

EPSS

Percentile

60.3%

JSON

Related for FG-IR-17-274