The encryption bug Heartbleed is no longer just a software problem. Networking equipment manufacturers Cisco Systems and Juniper Networks said late Thursday that some of their routing and switching products contain the security flaw, according to The Wall Street Journal. The products include routers, switches and firewalls that are used in corporate and home networks.
By exploiting the flaw, hackers could capture usernames, passwords and other sensitive information as it travels across a network.
Cisco Systems alerted customers with a bulletin on Thursday that said 11 products were already confirmed vulnerable and another 66 under investigation, the Journal reported. While Cisco writes a software patch, it is offering customers software that would detect a hacker attack that exploits the vulnerability.
Juniper Networks, meanwhile, told the Journal that updating its equipment to fix the bug could be lengthy and it doesn’t involve just “flipping a switch.” The company issued a statement: “The Juniper Networks Security Incident Response Team (SIRT) is aware of the OpenSSL vulnerability impacting the industry and is working round the clock on fixes to address potential risks to some Juniper products.”
Both companies said customers should expect continual updates to their product advisories.
The bug involves a version of OpenSSL, the open-source browser-encryption standard used by perhaps two-thirds of Internet servers. It’s being called Heartbleed because the bug resides in OpenSSL’s so-called “heartbeat” extension that’s designed to let a secure connection stay open for long periods of time.