CVE-2018-0025

Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication

Description

When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP, and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions prior to 12.1X46-D67 on SRX Series; 12.3X48 versions prior to 12.3X48-D25 on SRX Series; 15.1X49 versions prior to 15.1X49-D35 on SRX Series.

Remediation

Solution:

  • The following software releases have been updated to resolve this specific issue: Junos OS:12.1X46-D67, 12.3X48-D25, 15.1X49-D35, 17.3R1 all subsequent releases.

Workaround:

  • 1. Discontinue use of HTTP/HTTPS Pass-through Firewall User Authentication 2. Use web-redirect when using Pass-through Firewall User Authentication Example: set security policies from-zone * to-zone * policy * then permit firewall-authentication pass-through web-redirect For additional configuration guidance, customers should contact JTAC Support.

Category

6.1
CVSS
Severity: Medium
CVSS 3.0 •
CVSS 2.0 •
EPSS 0.24%
Vendor Advisory juniper.net Vendor Advisory juniper.net Vendor Advisory juniper.net Vendor Advisory juniper.net
Affected: Juniper Networks Junos OS
Published at:
Updated at:

References

Link Tags
https://www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.html vendor advisory
http://www.securityfocus.com/bid/104719 vdb entry third party advisory
http://www.securitytracker.com/id/1041316 vdb entry third party advisory
https://www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.html vendor advisory
https://www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.html vendor advisory
https://kb.juniper.net/JSA10858 mitigation vendor advisory

Frequently Asked Questions

What is the severity of CVE-2018-0025?
CVE-2018-0025 has been scored as a medium severity vulnerability.
How to fix CVE-2018-0025?
To fix CVE-2018-0025: The following software releases have been updated to resolve this specific issue: Junos OS:12.1X46-D67, 12.3X48-D25, 15.1X49-D35, 17.3R1 all subsequent releases.
Is CVE-2018-0025 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2018-0025 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2018-0025?
CVE-2018-0025 affects Juniper Networks Junos OS.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.