Title: FortiSwitch rest_admin account exposed under certain conditions
Discovery: Emma Ferguson on behalf of The Missing Link Security
FortiSwitch 3.4.1 introduced a user account named "rest_admin" with super_admin privileges when the FortiSwitch is configured to be managed by a FortiGate device.
The FortiSwitch needs to communicate with the FortiGate to generate a random password for the "rest_admin" account.
However, if the network connection between the FortiSwitch and FortiGate cannot be established when the FortiSwitch is rebooted twice or
downgraded to a FortiSwitch release prior to 3.4.1, the rest_admin account will be exposed with a null password.
FortiOS 3.4.1 on affected FortiSwitch models
Affected FortiSwitch models that have been upgraded to 3.4.1 and later downgraded to an earlier version (tested on 3.3.0, 3.3.1, 3.3.2, 3.3.3)
Affected FortiSwitch models list:
Other FortiSwitch models are not affected.
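An added example, not part of the advisory or Fortinet's own tooling: a small audit that reads a saved switch configuration and reports administrator accounts with no stored password, listing rest_admin first. It assumes the backup uses the Fortinet CLI layout (`config system admin` / `edit` / `set password ENC ...`) and that an account with a null password has no `set password` line; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample backup for illustration; not taken from the advisory.
# Assumption: an account with a null password has no "set password" line.
SAMPLE_CONFIG = '''\
config system admin
    edit "admin"
        set accprofile "super_admin"
        set password ENC AK1constructedhashvalue
    next
    edit "rest_admin"
        set accprofile "super_admin"
    next
end
config system global
    set hostname "lab-switch"
end
'''

def parse_admins(config_text):
    """Return {account: {setting: value}} from the 'config system admin' block."""
    admins, depth, current = {}, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config system admin":
                depth = 1
            continue
        if line.startswith("config "):      # nested sub-table inside an account
            depth += 1
        elif line == "end":                 # closes the innermost open block
            depth -= 1
        elif depth == 1:
            m = re.match(r'edit\s+"?([^"]+)"?$', line)
            if m:
                current = admins.setdefault(m.group(1), {})
            elif line == "next":
                current = None
            elif current is not None and line.startswith("set "):
                _, key, *rest = line.split(None, 2)
                current[key] = rest[0].strip('"') if rest else ""
    return admins

def passwordless_admins(config_text):
    """Accounts with no stored password; rest_admin sorts first if present."""
    found = [n for n, s in parse_admins(config_text).items() if not s.get("password")]
    return sorted(found, key=lambda name: name != "rest_admin")
```

Running `passwordless_admins()` over backups taken after each reboot or firmware change shows whether rest_admin was left without a password on a given switch.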