DUHK Attack against Fortinet Products Fortinet PSIRT Advisories Fortinet PSIRT Contact: Website: https://fortiguard.fortinet.com/faq/psirt-contact FG-IR-16-067 Final 1 1 2016-11-22T00:00:00 Current version 2016-11-22T00:00:00 2016-11-22T00:00:00 When devices use ANSI X9.31 RNG (which was removed from the list of FIPS-approved random number generation algorithms in January 2016) to generate cryptographic key under a static seed and under use with long-lived security tunnels like SSL/TLS/SSH/IPSec, such devices are vulnerable to the DUHK attack. Allows unauthorized disclosure of information For FortiOS:FortiOS only affect 4.3.0 to 4.3.18 versions [1]: * FortiOS 4.3.19 and 5.0.0 above are not affected * FortiOS 4.2 and below versions are not affectedThe following products are NOT affected [2]:FortiAPFortiSwitchFortiAnalyzer[1] FortiOS 4.3 used to implement the ANSI X9.31 RNG to decrypt TLS/IPSec traffic.[2] Either X9.31 not been used or not meet the vulnerable conditions. For FortiOS upgrade to FortiOS 4.3.19, 5.0.0 or above [3].[3] It is now superseded by the CTR_DRBG implementation as per the NIST SP800-90 recommendations since FortiOS 5.0.0 GA release.Revision2016-11-22 Initial version. FortiOS DUHK attack vulnerability fixed.2017-11-23 Add assessment for other products. https://fortiguard.fortinet.com/psirt/FG-IR-16-067 DUHK Attack against Fortinet Products https://duhkattack.com/ https://duhkattack.com/ Fortinet is pleased to thank Matthew D. Green of the Johns Hopkins University and Shaanan Cohney of University of Pennsylvania for reporting this vulnerability under responsible disclosure. CVE-2016-8492 https://fortiguard.fortinet.com/psirt/FG-IR-16-067 DUHK Attack against Fortinet Products Reference> https://duhkattack.com/ https://duhkattack.com/