Juniper Networks security flaw may have exposed US government data

Secure networking devices used by the US Defense Department and the FBI could have been targeted by a vulnerability that lay undetected for three years

Two security flaws that lay undiscovered in Juniper Networks' widely used corporate virtual private network (VPN) software for three years could have exposed sensitive informative to foreign governments or criminal groups, researchers have said.

The vulnerabilities were in the form of "unauthorised code" discovered during a recent internal code review and announced on 17 December. One of the flaws could have allowed hackers to decrypt information passing through Juniper's devices, including equipment for a secure network used by companies internally.