The 2016 Pwnie Winner For Best Backdoor

Juniper ScreenOS: 哈哈哈哈哈哈 (CVE-2015-7755 & CVE-2015-7756)

Credit: Chinese Information Operations and Information Warfare Center

Although many vendors intentionally backdoor their products, because they hate their users, some companies have to rely on the cyberwarfare divisions of global powers to do so. In late 2015, Juniper issued an advisory claiming that “unauthorized” code in the Netscreen operating system had been active for the last few years. Netscreen firewalls are externally exposed by their very nature and it wasn’t long before two sets of issues were uncovered. In a nod to grunge 90s, a SSH backdoor was added that allowed anyone (mostly China) to login to a Netscreen device over SSH using a hardcoded backdoor. The security firms who published the details did so knowing that far too many sysadmins were stuck at their in-laws over the December holidays and looking for any excuse to spend some quality time in a dark room by themselves. The second issue was far more interesting. In an attempt to make all of the privacy crazies^W^W crypto activists feel better about themselves, the Dual_EC RNG constant hardcoded into the Netscreen firmware was changed from one mysterious constant to another. Juniper hasn’t clarified whether the first constant was a backdoor as well, but it is safe to assume that the entire Netscreen platform should be gently lowered into a volcano at this point. Eight months later, not much is publicly known about how these backdoors were added, or which Juniper developer has a storage unit full of Chinese tiger penis wine as a result.

Juniper ScreenOS: 哈哈哈哈哈哈 

(CVE-2015-7755 & CVE-2015-7756)