A backdoor password that, according to security company Rapid7, was likely chosen to appear as a debug string, has been found in some versions of Screen OS that were vulnerable to a remote access issue disclosed by Juniper last week.
HD Moore, chief research officer at Rapid7, said in a blog post that looking at the differences between the patched and vulnerable versions of ScreenOS, with particular attention to strcmp calls, showed that a default backdoor password existed, namely “<<< %s(un=’%s’) = %u”.
“If you want to test this issue by hand, telnet or ssh to a Netscreen device, specify a valid username and the backdoor password,” Moore wrote. “If the device is vulnerable, you should receive an interactive shell with the highest privileges.”
Original Story: ZDNet
View full story here