Cisco Starts Company-Wide Code Audit to Search for Hidden Backdoors
After Juniper found “unauthorized code” in the source code of their ScreenOS, deployed with NetScreen firewall equipment, Cisco announced a full audit of all their products’ source code.
The code reviewers will be looking for undisclosed device access methods (backdoors), hardcoded or undocumented hidden account credentials, undocumented traffic diversions, or any type of covert communications initiated from the device.
Cisco has firmly stated that it has a “no backdoor” policy for its products, and has also reassured clients that, up to this point, no unauthorized code has been found in its devices.
It appears that the Juniper incident has rocked the communications equipment market, and now, many companies are scrambling left and right to reassure clients that their businesses’ communications channels are safe.
About the Juniper Backdoor (in some of their firewalls):
Security Firm Discovers Backdoor Password for Juniper ScreenOS Devices
The issue was present only in some of its equipment, NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20, to be more precise.
According to Rapid7, attackers can use the password “<<< %s(un=’%s’) = %u” to bypass both SSH and Telnet authentication procedures, with the only condition that they know a valid username.
The password was found in the ScreenOS code, and it looks like a code comment, probably the reason it remained in the code for so many years.
According to security analyst Ralf-Philipp Weinmann , these vulnerabilities could find their source in NSA’s deliberately crippled dual elliptic curve algorithm Dual_EC_DBRG, a pseudo-random number generator used to encrypt traffic.
A Wired article also explains how the backdoor works:
Apparently, Juniper is still using this weakened algorithm.
#Juniper #NetScreen #ScreenOS