Juniper Junos Key Generation Weakness (PSN-2012-04-549)

This script is Copyright (C) 2012-2015 Tenable Network Security, Inc.


Synopsis :

The remote device generates weak cryptographic keys.

Description :

According to its self-reported version and model number, the remote
Junos device generates weak cryptographic keys for SSL and SSH. Due
to a lack of entropy in the initial certificate creation, duplicate
keys may be created on multiple devices. A man-in-the-middle attacker
with knowledge of these keys would be able to decrypt SSL or SSH
traffic.

Note that self-signed SSL certificates are affected, while SSL
certificates signed by a trusted certificate authority are not.

See also :

http://www.nessus.org/u?b2ca6f92
http://www.nessus.org/u?68a256ed

Solution :

Apply the relevant Junos upgrade referenced in Juniper advisory
PSN-2012-04-549. After upgrading, all self-signed SSL certificates
and SSH public/private keys need to be regenerated.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 3.0
(CVSS2#E:U/RL:OF/RC:C)
Public Exploit Available : false

Family: Junos Local Security Checks

Nessus Plugin ID: 58878

Bugtraq ID:

CVE ID:
