Feeds

Hardwired crypto certificate FAIL bricks Juniper router kit

Is this the final nail in the dusty gear's coffin, wonder sysadmins

Top 5 reasons to deploy VMware with Tegile

Sysadmins with older Juniper Networks kit have been left scrambling to keep their networks running after a security certificate expiration bricked their boxen.

The issue has been keeping mailing lists like AusNOG and J-NSP busy as users tried to work out whether it was a deliberate strategy to force people off the EOL gear – and whether there's a workaround.

Users of EOL kit like J2300 and J4300 routers discovered that Juniper Networks used a hard-coded X.509 cryptographic certificate in the systems – and that cert, which is used to securely connect to Juniper to check the customer's software licence for the router is up to date, has now expired.

With an old operating system version installed as well (prior to JunOS 12.1), the router can't verify the identity of the Juniper systems as the SSL cert is now invalid. This means it ultimately treats the installed software as unlicensed, and stops working.

According to a Q&A posted to AusNOG by Eintelligo's Skeeve Stevens here, Juniper is aware of the issue. Users with a current Juniper Networks tech support login are advised to check the knowledge base for TSB16366 (login required).

While Juniper says new JunOS 11.4 releases “will have the relevant certificate added as part of the image”, it seems the oldest OS versions – such as 9.6 – have to be upgraded because they're EOL. ®

Choosing a cloud hosting partner with confidence

More from The Register

next story
NSA SOURCE CODE LEAK: Information slurp tools to appear online
Now you can run your own intelligence agency
Azure TITSUP caused by INFINITE LOOP
Fat fingered geo-block kept Aussies in the dark
NASA launches new climate model at SC14
75 days of supercomputing later ...
Yahoo! blames! MONSTER! email! OUTAGE! on! CUT! CABLE! bungle!
Weekend woe for BT as telco struggles to restore service
Cloud unicorns are extinct so DiData cloud mess was YOUR fault
Applications need to be built to handle TITSUP incidents
BOFH: WHERE did this 'fax-enabled' printer UPGRADE come from?
Don't worry about that cable, it's part of the config
Stop the IoT revolution! We need to figure out packet sizes first
Researchers test 802.15.4 and find we know nuh-think! about large scale sensor network ops
DEATH by COMMENTS: WordPress XSS vuln is BIGGEST for YEARS
Trio of XSS turns attackers into admins
SanDisk vows: We'll have a 16TB SSD WHOPPER by 2016
Flash WORM has a serious use for archived photos and videos
prev story

Whitepapers

Driving business with continuous operational intelligence
Introducing an innovative approach offered by ExtraHop for producing continuous operational intelligence.
10 threats to successful enterprise endpoint backup
10 threats to a successful backup including issues with BYOD, slow backups and ineffective security.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Beginner's guide to SSL certificates
De-mystify the technology involved and give you the information you need to make the best decision when considering your online security options.