Description
Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes it easier for remote authenticated users to obtain sensitive information via a dictionary attack, aka PR 879462.
References (2)
Core 2
Core References
Patch x_refsource_confirm
http://kb.juniper.net/JSA10585
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1028923
Scores
EPSS
0.0018
EPSS Percentile
38.7%
Details
CWE
CWE-264
Status
published
Products (9)
juniper/junos_space
11.1
juniper/junos_space
11.2
juniper/junos_space
11.3
juniper/junos_space
11.4
juniper/junos_space
12.1
juniper/junos_space
12.2
juniper/junos_space
12.3
juniper/junos_space_ja1500_appliance
juniper/junos_space_virtual_appliance
Published
Aug 16, 2013
Tracked Since
Feb 18, 2026