juniper vpn
Nikos Mavrogiannopoulos
n.mavrogiannopoulos at gmail.com
Tue Dec 22 07:46:04 PST 2015
On Tue, Dec 22, 2015 at 2:06 PM, Niels Peen <niels at peen.net> wrote:
> On 22 December 2015 at 10:23:12, Nikos Mavrogiannopoulos
> (n.mavrogiannopoulos at gmail.com) wrote:
> It has been discovered that the juniper VPN devices [0] were
> backdoored, and that the backdoor was even "maliciously" modified by
> unknown parties. Is that the same VPN that openconnect supports? In
> that case should openconnect print a huge warning before connecting to
> these devices?
>
> [0]. http://blog.cryptographyengineering.com/2015/12/on-juniper-backdoo
> r.html
> You would have to make sure such a warning shows up for affected devices
> only. Older openconnect versions tend to remain in use for years as part of
> various Linux distributions and you don’t want people to be unnecessarily
> alarmed or bug their network admins about this after the issue has been long
> resolved.
The scary part of this story is that the code was already backdoored.
The attack only replaced the keys of the backdoor with keys that were
not controlled by juniper. The "fix" of the backdoor was to replace
the attack keys with the original juniper keys. With that in mind, I
don't think there is any version where such a warning would not be
appropriate.
regards,
Nikos
More information about the openconnect-devel
mailing list