Juniper OS Flaw Allowed Forged Certificates

Slashdot reader disccomp shares an article from Ars Technica:
In an advisory posted Wednesday, Juniper officials said they just fixed a bug in the company’s Junos operating system that allowed adversaries to masquerade as trusted parties. The impersonation could be carried out by presenting a forged cryptographic certificate that was signed by the attacker rather than by a trusted certificate authority that normally vets the identity of the credential holder…

“It seems that Junos was accepting specially crafted, invalid certificates as trusted,” said Stephen Checkoway, a computer scientist at the University of Illinois at Chicago who recently focused on security in Juniper products. “This would enable anyone to create a VPN connection and gain access to the private network, e.g., a private, corporate network.”

