back to article Juniper slips out update after hardcoded credentials left in switches

Juniper Networks has issued an update after finding hardcoded credentials had been left in some of its datacenter switches. The exposed login, designated CVE-2019-0034, was found in the Junos Network Agent, a software tool used to manage sensors and other devices that monitor network performance. Specifically, hardcoded …

  1. tip pc Silver badge

    Again

    Again!!!!!!!

    1. Waseem Alkurdi

      Yes.

      Yes.

    2. Anonymous Coward
      Anonymous Coward

      @tip pc - Re: Again

      There are no laws against stupidity because they would be difficult to enforce.

    3. GnuTzu
      Facepalm

      Re: Again

      OOOOOOHHHHHHH MMMMMYYYYYY GGGGGAAAAAAWWWWWDDDDDDDDDDDDDDDD

  2. Yet Another Anonymous coward Silver badge

    Backdoor found in foreign telecoms gear

    Time for a ban.....

  3. rjed

    Get your act together, Juniper!

    Gets me thinking, even with multi-level peer code reviews, automated static/dynamic code analysis, the hardcoded credentials still managed to sneak in to the production. The Junos version mentioned was last updated in Feb 2019. Pretty reprehensible!

    1. Tom Chiverton 1

      Re: Get your act together, Juniper!

      Sneak ?

      Maybe they were told to put them there...

    2. Rajesh Kanungo

      Re: Get your act together, Juniper!

      Sometimes developers will mask the static code analysis results (mark it inapplicable or something) so it avoids the reviewer's inspection. Sometimes the code is just not analyzed. Sometimes the software is supposed to be just a 'tool' and not considered important. Sometimes developers don't understand what it means. Sometimes the managers override the engineers. Also, peer code reviews can get a bit chummy.

      Pretty reprehensible.

      Mostly, when you see one such mistake, look for more of the same.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like