Monday, July 18, 2016

IT Security Alert - Got Juniper Equipment? Better get the patch.

Juniper Networks patched a crypto bug tied to its public key infrastructure that could have allowed hackers to access the company’s routers, switches and security devices and eavesdrop on sensitive communications. The flaw was tied to Juniper products and platforms running Junos, the Juniper Network Operating System.

The bug (CVE-2016-1280) was reported and patched by Juniper on Wednesday, with public disclosure Friday. Juniper also posted its own information on the security vulnerability, which was found internally.

...The vulnerability allowed attackers to create specially crafted self-signed certificates that can bypass certificate validation within Juniper hardware running the Junos OS. If exploited, the vulnerability could have allowed an attacker in a man-in-the-middle position on the victim’s network to read supposedly secure communications. more