Content deleted Content added
Nameless23 (talk | contribs) m →2015 "Unauthorized Code" Incident: moved to ScreenOS |
→2015 "Unauthorized Code" Incident: write a bit more |
||
Line 50:
==2015 "Unauthorized Code" Incident==
{{main|ScreenOS}}
Analysis of the firmware code has also shown that there could exist a backdoor key using [[Dual_EC_DRBG]] enabling whoever hold that key to passively decrypt traffic encrypted by ScreenOS. This is enabled by some very strange code in ScreenOS, which could possibly be a deliberate backdoor. This possible backdoor still exists in ScreenOS.<ref name="wired-secret-code-in-junipers-firewalls">{{cite web | url=http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors | title=Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors | author=Kim Zetter | work=Wired | publisher= | language=English | format=HTML | date=2015-12-18 | accessdate=2015-12-25 | archive-url=https://web.archive.org/web/*/http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors | archivedate=2015-12-25}}</ref>
In December 2015 Juniper Systems announced that they had discovered "unauthorized code" in the ScreenOS software that underlies their NetScreen devices, present from 2012 onwards. There were two vulnerabilities: One was a simple root password backdoor, and the other one was changing a point in [[Dual_EC_DRBG]] so that the attackers presumably had the key to use the preexisting (intentional or unintentional) backdoor in ScreenOS to passively decrypt traffic.<ref>http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html</ref>
==References==
| |||