Juniper’s backdoor password disclosed, likely added in late 2013

Steve Ragan reports:

Rapid7’s Chief Research Officer, HD Moore, has posted some notes on the Juniper ScreenOS incident. After analyzing the patches released by Juniper, Moore’s team discovered the backdoor password that enables the Telnet and SSH bypass.

In a blog post on Rapid7’s community portal, Moore said that a quick Shodan search identified 26,000 public-facing Netscreen devices with SSH open. Considering the severity of the issues disclosed by Juniper on December 18, his team started digging.

Read more on Salted Hash.

About the author: Dissent

Comments are closed.