Heartbleed Bug Found in Cisco Routers, Juniper Gear - Wall Street Journal
April 10, 2014 5:40 p.m. ET
The encryption bug that has the Internet on high alert also affects the equipment that connects the Web.
Cisco Systems Inc. and Juniper Networks Inc., two of the largest manufacturers of network equipment, said Thursday that some of their products contain the "Heartbleed" bug, meaning hackers might be able to capture user names, passwords and other sensitive information as it moves across corporate networks, home networks and the Internet.
Many websites—including those run by Yahoo Inc., Amazon.com Inc. and Netflix Inc.—quickly fixed the hole after it was disclosed Monday. But Cisco and Juniper said the security flaw affects routers, switches and firewalls used in businesses and at home.
These devices likely will be more difficult to fix. The process involves more steps and businesses are less likely to check the status of network equipment, security experts said.
Bruce Schneier, a cybersecurity researcher and cryptographer, said, "The upgrade path is going to involve a trash can, a credit card, and a trip to Best Buy."
To be sure, the products available at retail stores now likely were shipped before the bug was revealed on Monday, and may also contain the defective software, from an encryption code known as OpenSSL.
Companies often use firewalls and virtual private networks to protect their computer systems. But if the machines that run the firewalls and virtual private networks are affected by the Heartbleed bug, attackers could use them to infiltrate a network, said Matthew Green, an encryption expert at Johns Hopkins University.
"It's pretty bad," Mr. Green said. "Lots and lots of people connect to these things."
Mr. Green and others said the bug likely affects some home-networking equipment, such as wireless routers.
In a customer bulletin updated Thursday, Cisco told clients that 66 products are "affected by a vulnerability that could allow an unauthenticated, remote attacker to retrieve" potentially sensitive information.
Cisco said it would update customers when it has software patches. In the meantime, its security researchers offered users software that it said would detect hackers exploiting the bug. A Cisco spokesman referred a query to the bulletin on its website.
Juniper said the process of updating its equipment might be lengthy. "It doesn't sound like a flip the switch sort of thing," said Corey Olfert, a Juniper spokesman. "I don't know how quickly they can be resolved."
To keep prying eyes out, websites and network equipment use encryption to turn sensitive information into a jumble of unreadable text. Since writing encryption code is complex, developers often use a free, open-source version called OpenSSL. It's a barebones project managed by four European coders.
The Heartbleed bug—first introduced into OpenSSL two years ago—allows hackers to grab bits of data from servers and equipment after it has been decrypted.
Write to Danny Yadron at danny.yadron@wsj.com