lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 6 May 2003 19:14:40 -0700 (PDT)
From: Dave Palumbo <dpalumbo@...oo.com>
To: bugtraq@...urityfocus.com, vulnwatch@...nwatch.org
Subject: [VulnDiscuss] XSS In Neoteris IVE Allows Session Hijacking


---------------------------------------------------------------------------------------------------
-=<sMax. Security Advisory>=-	

Advisory Title:	Cross-Site Scripting (XSS) in Neoteris IVE Allows Session Hijacking
Release Date:	May 7, 2003
Product:		Neoteris Instant Virtual Extranet (IVE), Versions 3.01 and Prior
Overall Risk:	Medium
CVE Candidate:	CAN-2003-0217
---------------------------------------------------------------------------------------------------

PRODUCT OVERVIEW:

Neoteris Instant Virtual Extranet (IVE) is an appliance-based remote access solution that is
accessed via a standard web browser.  The Neoteris IVE is one of the more well known "clientless
VPN" solutions, and in fact boasts an impressive, growing list of customers (see
http://www.neoteris.com for more information).  Once authenticated to the remote network via the
IVE, a user can theoretically access all internal resources, provided the Neoteris box is
configured accordingly.

Quoting from the company website, "The Neoteris IVE has always provided a means to remote access
with a dramatically lower Total Cost of Ownership vs. traditional methods like VPN or dial. The
IVE also enhances security, by eliminating open-ended, network layer connections. The security of
the IVE has been verified by a several well-known independent security authorities."  

VULNERABILITY:

A cross-site scripting (XSS) vulnerability exists in Neoteris IVE v3.01 and prior.  An argument
passed to a CGI script does not properly validate input.  It has been confirmed that exploiting
this vulnerability can lead to a legitimate user's session being hijacked, bypassing any
authentication.  

SOLUTION:

I would like to thank Neoteris for their cooperation in developing a remediation for this
vulnerability.  A patch has been released for v3.01 and prior.  In addition, this issue has been
fixed in v3.1.  Patch and new version release information is available for customers at
https://support.neoteris.com.

The Common Vulnerabilities and Exposures (CVE) project has assigned the name CAN-2003-0217 to this
issue. This is a candidate for inclusion in the CVE list (http://cve.mitre.org), which
standardizes names for security problems.

Special thanks to DW (shall I say greetz?) for his invaluable help with these issues.

- Dave Palumbo

__________________________________
Do you Yahoo!?
The New Yahoo! Search - Faster. Easier. Bingo.
http://search.yahoo.com

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ