NFX Series: Insecure sshd configuration in Juniper Device Manager (JDM) and host OS (JSA10878)
Medium Nessus Plugin ID 126508
SynopsisThe remote device is missing a vendor-supplied security patch.
DescriptionAccording to its self-reported version number, the remote Juniper Junos device is affected by a vulnerability. With an insecure SSHD configuration in Juniper Device Manager, a remote, unauthenticated attacker can gain access if any of the passwords on the system are empty. The affected SSHD configuration has the PermitEmptyPasswords option set to 'yes'.
SolutionApply the relevant Junos software release referenced in Juniper advisory JSA10878.