Content deleted Content added
Ground Zero (talk | contribs) Style: use verbs instead of adverbs to express time |
m →2015 "unauthorized code" incident: Clean up using AWB |
||
Line 49:
==2015 "unauthorized code" incident==
{{main article|ScreenOS}}
Analysis of the firmware code has also shown that there could exist a backdoor key using [[Dual_EC_DRBG]] enabling whoever hold that key to passively decrypt traffic encrypted by ScreenOS. This is enabled by some very strange code in ScreenOS, which could possibly be a deliberate backdoor. This possible backdoor still exists in ScreenOS.<ref name="wired-secret-code-in-junipers-firewalls">{{cite web | url=http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors | title=Secret Code Found in Juniper's Firewalls Shows Risk of Government Backdoors | author=Kim Zetter | work=Wired | publisher= | language=English
In December 2015 Juniper Systems announced that they had discovered "unauthorized code" in the ScreenOS software that underlies their NetScreen devices, present from 2012 onwards. There were two vulnerabilities: One was a simple root password backdoor, and the other one was changing a point in [[Dual_EC_DRBG]] so that the attackers presumably had the key to use the preexisting (intentional or unintentional) [[kleptographic]] backdoor in ScreenOS to passively decrypt traffic.<ref>http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoor.html</ref>
| |||