Juniper Junos Key Generation Weakness (PSN-2012-04-549)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.

Synopsis :

The remote device generates weak cryptographic keys.

Description :

According to its self-reported version and model number, the remote
Junos device generates weak cryptographic keys for SSL and SSH. Due
to a lack of entropy in the initial certificate creation, duplicate
keys may be created on multiple devices. An attacker with knowledge
of these keys would allow a man in the middle attacker to decrypt SSL
or SSH traffic.

Note that self-signed SSL certificates are affected, while SSL
certificates signed by a trusted certificate authority are not.

See also :

Solution :

Apply the relevant Junos upgrade referenced in Juniper advisory
PSN-2012-04-549. After upgrading, all self-signed SSL certificates
and SSH public/private keys need to be regenerated.

Risk factor :

Medium / CVSS Base Score : 4.0
CVSS Temporal Score : 3.0
Public Exploit Available : false

Family: Junos Local Security Checks

Nessus Plugin ID: 58878 ()

Bugtraq ID:


Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now