Juniper removes ScreenOS software components that exhibited vulnerabilities




Networking equipment manufacturer Juniper is replacing the random number generators in ScreenOS 6.3 with other software. The existing technologies, Dual_EC and ANSI X9.31, proved last December to be highly vulnerable to external attacks.

The US company announced the news in a blog post. The two software components are being replaced by the same random number generator that Juniper already uses in Junos OS, the company's other network operating system. That does not mean that the current version of ScreenOS and the two components in question are still vulnerable at present: Juniper published the necessary updates immediately after the vulnerabilities were made public. Nevertheless, the company is abandoning the code. This update should arrive in the first half of 2016.

On December 18, 2015, Juniper made known that “unauthorized code” had been discovered in the two software components of its ScreenOS. This code made it possible for an attacker to decrypt remote VPN traffic and gain administrator access on certain Juniper devices. The company said at the time that it did not know where the code came from. The vulnerable software is said to have been present on the company’s network since 2012, but there is no insight into how the backdoors have been used in practice.

Although the code is said to show traces of a government operation, it is not clear which party is actually behind it. Juniper is said to be of interest to the intelligence agencies NSA and GCHQ because of the spread of Juniper devices all over the world and the number of SSL VPN services that the company provides. There is, however, no direct evidence that the intelligence agencies are behind the backdoors.

