Rapid7 Vulnerability & Exploit Database

Juniper Junos OS: Multiple routers can generate duplicate SSH private keys due to missing entropy (JSA10434)

Severity: 4
CVSS: (AV:L/AC:M/Au:N/C:P/I:P/A:P)
Published: 04/01/2010
Created: 07/25/2018
Added: 05/07/2014
Modified: 05/07/2014

Description

Due to the way entropy (the source of randomness) was obtained in JUNOS, there is a remote possibility that multiple identically configured routers, purchased at the same time and configured to generate their initial SSH private key at the same time, may end up with the same private key. The sources of entropy in the affected releases were limited, so the pseudo-random number generator (PRNG) that feeds SSH key generation may produce the same values on multiple systems. This issue was most prevalent in systems without ATA disk controllers or Compact Flash memory.

Solution(s)

  • juniper-junos-os-upgrade-latest
