adam121 - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Is a cryptographic algorithm behind Juniper's backdoor?

Juniper firewall products were found to have two backdoor vulnerabilities. Expert Michael Cobb explains how a cryptographic algorithm and hardcoded password enabled this to happen.

News of the Juniper firewall backdoors and National Security Agency controversy has been everywhere, but I'd like to know more about the cryptographic algorithm behind it all. How was the initial backdoor in the ScreenOS software created, and how did another party use it to create yet another backdoor in Juniper products?

During a recent internal code review, Juniper Networks discovered two vulnerabilities, assigned CVE Identifier CVE-2015-7755 and CVE-2015-7756, in the ScreenOS software that runs its NetScreen firewalls. CVE-2015-7755 allows a remote attacker to obtain administrative access via an SSH or TELNET session, by entering any username and a backdoor password that had been hardcoded into the software. This unauthorized code in ScreenOS affects revisions 6.3.0r17, 6.3.0r18, 6.3.0r19 and 6.3.0r20, and Juniper recommends that customers apply the patched releases. There is also guidance on what the logs from a successful intrusion would look like and Fox-IT has a created a set of Snort rules that can detect access using the backdoor password. Juniper is conducting an investigation to understand how the password backdoor managed to escape code reviews for so long, but there haven't as yet been any further announcements.

The cryptographic algorithm at the heart of the second vulnerability, CVE-2015-7756, which allows a passive eavesdropper to decrypt traffic, is the discredited Dual Elliptic Curve Deterministic Random Bit Generator algorithm (Dual_EC_DRBG). Concerns over the security of Dual_EC_DRBG led NIST to formally revise its recommended methods for generating random numbers, a critical element used in creating secure cryptographic keys for encrypting data. The reissued guidelines are available in Special Publication 800-90A, Revision 1. The lack of confidence in this particular cryptographic algorithm comes from reports alleging that the NSA interfered with its design, and that it contains a weakness that would allow attackers to predict the outcome of the random number generation process to determine the secret cryptographic keys.

Despite NIST's recommendations in July 2015 that software vendors, in order to remain in compliance with federal guidance, should reconfigure their products to use one of the three remaining approved cryptographic algorithms, Juniper announced it would continue to use Dual_EC_DRBG in its ScreenOS software. It stated, "ScreenOS uses it in a way that should not be vulnerable to the possible issue that has been brought to light." However, detailed analysis by Ralf-Philipp Weinmann and others showed that although Juniper doesn't use Dual_EC_DRBG as the primary random number generator, a bug in its nonstandard implementation means an attacker could exploit the existing weaknesses in the algorithm, in order to obtain information to decrypt network traffic and create a VPN backdoor. Whoever managed to make changes to the ScreenOS code didn't need to make any major rewrites. In fact, it looks like they just changed some of the encryption parameters.

The IT industry as a whole needs to remove support for insecure cryptographic algorithms far faster than it currently does, in order to encourage others to bring their hardware and software up to date and functioning securely. Enterprises, meanwhile, have to take a greater interest in the encryption algorithms used in their IT infrastructures and question vendors who continue to use insecure algorithms. Thankfully, Juniper Networks has announced it will be replacing Dual_EC_DRBG in its in ScreenOS 6.3 to "enhance the robustness of the ScreenOS random number generation subsystem."

Next Steps

Find out how to distinguish a security backdoor from a vulnerability

Learn how to mitigate backdoor risks

Read about why security experts disagree with lawmakers on encryption problems

Why you should care about the algorithm economy

This was last published in May 2016

Dig Deeper on Network device security: Appliances, firewalls and switches