Date: Tue, 5 Feb 2013 18:40:06 GMT
From: research@...orsecurity.com
To: bugtraq@...urityfocus.com
Subject: [MajorSecurity-SA-2013-014] Sony Playstation Vita Browser -
 firmware 2.05 - Adressbar spoofing

[MajorSecurity-SA-2013-014] Sony Playstation Vita Browser - firmware 2.05 - Address bar spoofing

Details
=============
Product: Sony Playstation Vita Browser - firmware 2.05
CVE-ID: CVE-2013-XXXX
Security-Risk: moderate
Remote-Exploit: yes
Vendor-URL: http://de.playstation.com/psvita/
Advisory-Status: published

Credits
=============
Discovered by: David Vieira-Kurz of MajorSecurity
original advisory: http://majorsecurity.com/psvita/sa-2013-014-en.php

Affected Products
=============
Sony Playstation Vita Browser ( Firmware: 2.05 )
Prior versions may also be affected

Product Description
=============
"Playstation Vita is the new handheld of Sony."

Vulnerability Details
=============
David Vieira-Kurz has discovered some vulnerabilities in the Sony PS Vita running firmware 2.05.
The weakness is caused by an error in the handling of URLs when JavaScript's window.open() method is used.
It can be exploited to potentially trick users into supplying sensitive information to a malicious web site,
because the information displayed in the address bar can be constructed in such a way
that users may believe they are visiting a web site other than the one actually displayed.

Steps to reproduce
=============
1) Visit http://majorsecurity.com/psvita/psvita-demo.html with a PS Vita with firmware 2.05 installed
2) Click the "demo" button
3) The web browser will open a new window with "http://de.playstation.com/psvita/" in the address bar,
but in fact "http://de.playstation.com/psvita/" is being displayed inside an iframe within
the host http://www.majorsecurity.com

Proof of Concept
=============
Proof-of-concept code is available here:
http://de.playstation.com/psvita/

Solution
=============
Users should upgrade to a newer version once the vendor has supplied a patch.

Timeline
================
2013-01-20, vulnerability identified
2013-01-20, vulnerability reproduced with firmware 2.05
2013-01-20, vendor has been informed
2013-01-27, vendor has been informed once again
2013-01-29, advisory published with partial details
2013-02-05, advisory published with full details and PoC

Use of terms
================
Unaltered electronic reproduction of this advisory is permitted. For all other reproduction or publication, in printing or otherwise,
contact us for permission. Use of the advisory constitutes acceptance for use in an "as is" condition. All warranties are excluded.
In no event shall MajorSecurity be liable for any damages whatsoever including direct, indirect, incidental, consequential,
loss of business profits or special damages, even if MajorSecurity has been advised of the possibility of such damages.
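
Added example, not part of the original advisory or MajorSecurity's code: step 3 depends on the legitimate page rendering inside an iframe on another host, so a site owner can check whether their response headers permit that. The function names and sample headers are constructed for illustration, and the advisory does not say whether the Vita browser enforces X-Frame-Options or CSP frame-ancestors.

```javascript
// Added example, not from the advisory. Decides whether a response's headers
// let a page on `framingUrl` render it in an iframe. Simplified: ports and
// paths in CSP sources are ignored; a scheme-less host matches any scheme.

function frameAncestors(csp) {
  // Source list of the frame-ancestors directive, or null when absent.
  for (const directive of (csp || '').split(';')) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === 'frame-ancestors') return sources;
  }
  return null;
}

function sourceAllows(source, framing, self) {
  const s = source.toLowerCase();
  if (s === "'none'") return false;
  if (s === "'self'") return framing.origin === self.origin;
  if (s === '*') return true;
  if (/^[a-z][a-z0-9+.-]*:$/.test(s)) return framing.protocol === s; // "https:"
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([^\/:]+)/.exec(s);
  if (!m) return false;
  const [, scheme, wildcard, host] = m;
  if (scheme && framing.protocol !== scheme + ':') return false;
  if (host === '*') return true; // "https://*": any host on that scheme
  return wildcard ? framing.hostname.endsWith('.' + host)
                  : framing.hostname === host;
}

function canBeFramedBy(headers, pageUrl, framingUrl) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  const self = new URL(pageUrl), framing = new URL(framingUrl);
  const sources = frameAncestors(h['content-security-policy']);
  if (sources !== null) {
    // frame-ancestors takes precedence over X-Frame-Options when present.
    return sources.some((src) => sourceAllows(src, framing, self));
  }
  const xfo = (h['x-frame-options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return framing.origin === self.origin;
  return true; // missing, invalid or obsolete ALLOW-FROM: no restriction
}

// Constructed sample headers; the two hosts are the ones named in step 3.
const page = 'http://de.playstation.com/psvita/';
const framer = 'http://www.majorsecurity.com/';
console.log(canBeFramedBy({}, page, framer));
console.log(canBeFramedBy({ 'X-Frame-Options': 'SAMEORIGIN' }, page, framer));
```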
