Reply to post: Re: I guess this would have shown up with a cursory glance at the code?

How to log into any backdoored Juniper firewall – hard-coded password published

Jonathan Richards 1

Re: I guess this would have shown up with a cursory glance at the code?

Juniper's advisory says:

"During an internal code review, two security issues were identified."

So, more than a cursory glance, and that is in fact how it was found. The CIO said that the code review identified "unauthorized" code. Whether or not Juniper will share with us how that backdoor got into their code repository remains to be seen; it's interesting that it seems to have been 'camouflaged' to look like a printf() command. That's not what you'd expect from some developer putting in a time-saving routine during development and then forgetting to remove it before release; it looks like something that was designed to stay under the radar in released software.
