Juniper Discovers VPN Decryption Code: Patch Your Systems Now

         

engine

2:33 pm on Dec 18, 2015 (gmt 0)




There's a patch available now, even though there are no apparent exploits taking place right now.

Juniper has announced that it has found two critical security vulnerabilities in ScreenOS. The first would allow an attacker to decrypt VPN traffic and leave no trace of their actions, while the second allows complete compromise of a device via an unauthorised remote access vulnerability over SSH or telnet.

Juniper Discovers VPN Decryption Code: Patch Your Systems Now [zdnet.com]


[kb.juniper.net...]

bill

5:07 am on Dec 21, 2015 (gmt 0)




I guess this is all speculation still, but if Juniper were using Dual-EC, which was criticized for using an intentionally weakened random number generator, some of the current anti-encryption rhetoric is going to look a bit silly.

https://www.imperialviolet.org/2015/12/19/juniper.html [imperialviolet.org]

Juniper: recording some Twitter conversations (19 Dec 2015)

Again, assuming this hypothesis is correct then, if it wasn't the NSA who did this, we have a case where a US government backdoor effort (Dual-EC) laid the groundwork for someone else to attack US interests. Certainly this attack would be a lot easier given the presence of a backdoor-friendly RNG already in place.