CVE-2018-0025: Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication
First published: Wed Jul 11 2018(Updated: )
When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP, and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions prior to 12.1X46-D67 on SRX Series; 12.3X48 versions prior to 12.3X48-D25 on SRX Series; 15.1X49 versions prior to 15.1X49-D35 on SRX Series.
Credit: sirt@juniper.net
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Juniper JUNOS | =12.1x46 | |
| Juniper JUNOS | =12.1x46-d10 | |
| Juniper JUNOS | =12.1x46-d15 | |
| Juniper JUNOS | =12.1x46-d20 | |
| Juniper JUNOS | =12.1x46-d25 | |
| Juniper JUNOS | =12.1x46-d30 | |
| Juniper JUNOS | =12.1x46-d35 | |
| Juniper JUNOS | =12.1x46-d40 | |
| Juniper JUNOS | =12.1x46-d45 | |
| Juniper JUNOS | =12.1x46-d50 | |
| Juniper JUNOS | =12.1x46-d55 | |
| Juniper JUNOS | =12.1x46-d60 | |
| Juniper JUNOS | =12.1x46-d65 | |
| Juniper JUNOS | =12.1x46-d66 | |
| Juniper Srx100 | ||
| Juniper Srx110 | ||
| Juniper Srx1400 | ||
| Juniper Srx1500 | ||
| Juniper Srx210 | ||
| Juniper Srx220 | ||
| Juniper Srx240 | ||
| Juniper Srx300 | ||
| Juniper Srx320 | ||
| Juniper Srx340 | ||
| Juniper Srx3400 | ||
| Juniper Srx345 | ||
| Juniper Srx3600 | ||
| Juniper Srx4100 | ||
| Juniper Srx4200 | ||
| Juniper Srx5400 | ||
| Juniper Srx550 | ||
| Juniper Srx5600 | ||
| Juniper Srx5800 | ||
| Juniper Srx650 | ||
| Juniper JUNOS | =12.3x48 | |
| Juniper JUNOS | =12.3x48-d10 | |
| Juniper JUNOS | =12.3x48-d15 | |
| Juniper JUNOS | =12.3x48-d20 | |
| Juniper JUNOS | =15.1x49 | |
| Juniper JUNOS | =15.1x49-d10 | |
| Juniper JUNOS | =15.1x49-d20 | |
| Juniper JUNOS | =15.1x49-d30 |
Remedy
The following software releases have been updated to resolve this specific issue: Junos OS:12.1X46-D67, 12.3X48-D25, 15.1X49-D35, 17.3R1 all subsequent releases.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.securityfocus.com/bid/104719
- http://www.securitytracker.com/id/1041316
- https://kb.juniper.net/JSA10858
- https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html
- https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html
- https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html
- collector/nvd-index
- agent/weakness
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/remedy
- agent/severity
- agent/author
- agent/title
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/juniper
- canonical/juniper junos
- version/juniper junos/12.1x46
- version/juniper junos/12.1x46-d10
- version/juniper junos/12.1x46-d15
- version/juniper junos/12.1x46-d20
- version/juniper junos/12.1x46-d25
- version/juniper junos/12.1x46-d30
- version/juniper junos/12.1x46-d35
- version/juniper junos/12.1x46-d40
- version/juniper junos/12.1x46-d45
- version/juniper junos/12.1x46-d50
- version/juniper junos/12.1x46-d55
- version/juniper junos/12.1x46-d60
- version/juniper junos/12.1x46-d65
- version/juniper junos/12.1x46-d66
- canonical/juniper srx100
- canonical/juniper srx110
- canonical/juniper srx1400
- canonical/juniper srx1500
- canonical/juniper srx210
- canonical/juniper srx220
- canonical/juniper srx240
- canonical/juniper srx300
- canonical/juniper srx320
- canonical/juniper srx340
- canonical/juniper srx3400
- canonical/juniper srx345
- canonical/juniper srx3600
- canonical/juniper srx4100
- canonical/juniper srx4200
- canonical/juniper srx5400
- canonical/juniper srx550
- canonical/juniper srx5600
- canonical/juniper srx5800
- canonical/juniper srx650
- version/juniper junos/12.3x48
- version/juniper junos/12.3x48-d10
- version/juniper junos/12.3x48-d15
- version/juniper junos/12.3x48-d20
- version/juniper junos/15.1x49
- version/juniper junos/15.1x49-d10
- version/juniper junos/15.1x49-d20
- version/juniper junos/15.1x49-d30