Dive Brief:
- Juniper announced late last week that one of its firewall operating systems had been modified to allow secret access, Computerworld reports.
- The defect could pose a significant threat to companies using the equipment, the company said.
- Juniper is the latest major IT vendor to announce that a potential "backdoor for hackers" had accidentally been included with its products.
Dive Insight:
Two major problems were found in Juniper's NetScreen OS: a hard-coded password that could allow any attacker with a valid username to log into a Juniper firewall running the OS over telnet or SSH, and a vulnerability that can allow VPN traffic to be monitored and decrypted. The vulnerability poses significant risk to organizations that have not patched their Juniper devices.
Juniper's chief information officer, Bob Worrell, came forward with the findings.
"I think Juniper did the right thing here," said HD Moore, chief research officer for the security firm Rapid7. "I suspect that this incident will trigger internal security audits across the industry and cause Juniper to drastically change their code review process."
It remains unclear how attackers were able to infiltrate the systems undetected.
Earlier this month, Lenovo and Dell announced vulnerabilities had been found in support tools pre-installed on new computers they shipped.