- Joined
- May 15, 2016
- Messages
- 4,021
- Likes
- 2,572
- Points
- 1,730
Authorities provided Juniper Networks with one month to answer eight questions about the results of the investigation.
More than a dozen U.S. officials sent a letter to California-based network and cyber security provider Juniper Networks to ask the company about the results of an investigation launched in 2015 after it discovered a backdoor in its products, SecurityWeek reported.
At the end of 2015, Juniper Networks during the scan discovered an unauthorized code in the ScreenOS operating system, which caused two vulnerabilities (CVE-2015-7755 and CVE-2015-7754) that could allow attackers to remotely access administrator’s devices with Juniper NetScreen and decrypt VPN traffic.
The second problem was the use of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG), which ScreenOS used as a pseudo-random number generator. Dual EC DRBG contained a backdoor, the responsibility for the appearance of which allegedly lies with the US National Security Agency (NSA).
“More than four years have passed since Juniper Networks announced an investigation, but the company still hasn’t announced what it discovered. Americans, as well as US companies and government agencies that trusted Juniper products with their confidential data, still do not have information about how Juniper allowed the NSA to develop an encryption algorithm with a backdoor, ”the letter said.
Authorities provided Juniper Networks one month to answer eight questions about the incident, including the company's decisions regarding the Dual EC DRBG, the results of its investigation, the source of the unauthorized code, and any recommendations made and implemented after the investigation.
__________________
More than a dozen U.S. officials sent a letter to California-based network and cyber security provider Juniper Networks to ask the company about the results of an investigation launched in 2015 after it discovered a backdoor in its products, SecurityWeek reported.
At the end of 2015, Juniper Networks during the scan discovered an unauthorized code in the ScreenOS operating system, which caused two vulnerabilities (CVE-2015-7755 and CVE-2015-7754) that could allow attackers to remotely access administrator’s devices with Juniper NetScreen and decrypt VPN traffic.
The second problem was the use of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG), which ScreenOS used as a pseudo-random number generator. Dual EC DRBG contained a backdoor, the responsibility for the appearance of which allegedly lies with the US National Security Agency (NSA).
“More than four years have passed since Juniper Networks announced an investigation, but the company still hasn’t announced what it discovered. Americans, as well as US companies and government agencies that trusted Juniper products with their confidential data, still do not have information about how Juniper allowed the NSA to develop an encryption algorithm with a backdoor, ”the letter said.
Authorities provided Juniper Networks one month to answer eight questions about the incident, including the company's decisions regarding the Dual EC DRBG, the results of its investigation, the source of the unauthorized code, and any recommendations made and implemented after the investigation.
__________________