Junos OS: SRX Series: Credentials exposed when using HTTP and HTTPS Firewall Pass-through User Authentication
Description
When an SRX Series device is configured to use HTTP/HTTPS pass-through authentication services, a client sending authentication credentials in the initial HTTP/HTTPS session is at risk that these credentials may be captured during follow-on HTTP/HTTPS requests by a malicious actor through a man-in-the-middle attack or by authentic servers subverted by malicious actors. FTP, and Telnet pass-through authentication services are not affected. Affected releases are Juniper Networks SRX Series: 12.1X46 versions prior to 12.1X46-D67 on SRX Series; 12.3X48 versions prior to 12.3X48-D25 on SRX Series; 15.1X49 versions prior to 15.1X49-D35 on SRX Series.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Juniper SRX HTTP/HTTPS pass-through authentication may leak credentials to MITM attackers during subsequent requests.
Vulnerability
CVE-2018-0025 affects Juniper Networks SRX Series devices configured for HTTP/HTTPS pass-through authentication. When a client authenticates via this method, the credentials sent in the initial session can be captured by a malicious actor during follow-on HTTP/HTTPS requests through a man-in-the-middle (MITM) attack or by subverted authentic servers. The vulnerability exists in Junos OS versions 12.1X46 prior to 12.1X46-D67, 12.3X48 prior to 12.3X48-D25, and 15.1X49 prior to 15.1X49-D35 on SRX Series. FTP and Telnet pass-through authentication are not affected. [1]
Exploitation
An attacker must be positioned as a man-in-the-middle between the client and the SRX device, or must control an authentic server that the SRX trusts. After the client successfully authenticates via HTTP/HTTPS pass-through, the attacker can intercept subsequent HTTP/HTTPS requests from the same client. These follow-on requests may contain the previously sent credentials, allowing the attacker to capture them. No additional authentication or user interaction beyond the initial login is required for the attacker to harvest credentials. [2]
Impact
Successful exploitation results in disclosure of user credentials (username and password) used for pass-through authentication. With these credentials, an attacker can authenticate to the SRX device or to other services that accept the same credentials, potentially gaining unauthorized network access at the privilege level of the compromised user. The confidentiality of authentication data is compromised, and the attacker may escalate access within the network.
Mitigation
Juniper Networks has released fixed versions: 12.1X46-D67, 12.3X48-D25, and 15.1X49-D35. Administrators should upgrade to these or later releases. No workaround is documented; disabling HTTP/HTTPS pass-through authentication and using FTP or Telnet pass-through (which are not affected) may reduce risk, but this is not a formal mitigation. The vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog. [3]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <12.1X46-D67, <12.3X48-D25, <15.1X49-D35
- Range: 12.1X46
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
6- www.securityfocus.com/bid/104719mitrevdb-entryx_refsource_BID
- www.securitytracker.com/id/1041316mitrevdb-entryx_refsource_SECTRACK
- kb.juniper.net/JSA10858mitrex_refsource_CONFIRM
- www.juniper.net/documentation/en_US/junos/topics/concept/firewall-user-authentication-pass-through-understanding.htmlmitrex_refsource_MISC
- www.juniper.net/documentation/en_US/junos/topics/example/firewall-user-authentication-pass-through-configuring-cli.htmlmitrex_refsource_MISC
- www.juniper.net/documentation/en_US/junos/topics/example/security-https-traffic-to-trigger-pass-through-authentication-configuring.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.