Juniper Junos Key Generation Weakness (PSN-2012-04-549)
Medium Nessus Plugin ID 58878
SynopsisThe remote device generates weak cryptographic keys.
DescriptionAccording to its self-reported version and model number, the remote Junos device generates weak cryptographic keys for SSL and SSH. Due to a lack of entropy in the initial certificate creation, duplicate keys may be created on multiple devices. An attacker with knowledge of these keys would allow a man in the middle attacker to decrypt SSL or SSH traffic.
Note that self-signed SSL certificates are affected, while SSL certificates signed by a trusted certificate authority are not.
SolutionApply the relevant Junos upgrade referenced in Juniper advisory PSN-2012-04-549. After upgrading, all self-signed SSL certificates and SSH public/private keys need to be regenerated.