Date: Tue, 8 Nov 2016 18:09:05 GMT
From: sanehsingh@...trolcase.com
To: bugtraq@...urityfocus.com
Subject: URL Redirection Vulnerability In Verint Impact 360

URL Redirection Vulnerability In Verint Impact 360

Overview
========

* Title : URL Redirection Vulnerability In Verint Impact 360
* Author: Sanehdeep Singh
* Plugin Homepage: http://www.verint.com 
* Severity: Medium
* Version Affected: 11.1
* Version patched: Patches available. Contact Vendor

Description 
===========

About the Product
=================
Verint Impact 360 is an enterprise-wide application for quality monitoring/call recording, workforce management, performance management, and eLearning that helps optimize business operations, customer relationships, and personnel.

Vulnerable Parameter 
--------------------

UserSettings_Frames.aspx?returl=URL

About Vulnerability
-------------------
The Verint Impact 360 application is vulnerable to URL redirection through the returl parameter. This type of vulnerability could be used to carry out a phishing attack or to redirect a victim to an infection page.

Live PoC URL
------------
https://XXX/Ultra/Settings/UserSettings_Frames.aspx?returl=/Ultra/HomePage_Frames.aspx

Mitigation 
==========
Contact the Verint team for mitigation.

Disclosure 
==========
29-August-2016 Reported to Verint Team
 
Credits
=======
* Sanehdeep Singh
* Senior Consultant
* ControlCase International Pvt Ltd. 
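
Added example, not part of the original advisory and not Verint's code: a Python check that scans IIS-style W3C access logs for requests to UserSettings_Frames.aspx whose returl value does not point to a same-site path. The log field layout, the sample lines, the client addresses and the offsite.example host are constructed assumptions, and the local-path rule is one common definition of an acceptable return URL.

```python
from urllib.parse import parse_qs, unquote

# Page and parameter named in the advisory (compared case-insensitively).
TARGET_STEM = "/ultra/settings/usersettings_frames.aspx"
PARAM = "returl"

def is_local_returl(value):
    """True only for a same-site absolute path such as /Ultra/HomePage_Frames.aspx."""
    v = unquote(value).strip()          # undo one extra layer of percent-encoding
    if not v.startswith("/"):
        return False                    # empty, relative, or carries a scheme/host
    if v.startswith(("//", "/\\")):
        return False                    # browsers resolve //host and /\host off-site
    return not any(ord(c) < 0x20 for c in v)  # browsers strip tabs/newlines in URLs

def flag_offsite_redirects(lines):
    """Return (client_ip, returl) for each logged request with a non-local returl."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):  # W3C header names the columns that follow
            fields = line.split()[1:]
            continue
        if line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != TARGET_STEM:
            continue
        query = parse_qs(row.get("cs-uri-query", ""))  # decodes percent-encoding once
        for key, values in query.items():
            if key.lower() == PARAM:
                hits += [(row.get("c-ip"), v) for v in values if not is_local_returl(v)]
    return hits

# Constructed sample log: assumed field layout, placeholder addresses and host.
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip
2016-01-01 10:00:01 GET /Ultra/Settings/UserSettings_Frames.aspx returl=/Ultra/HomePage_Frames.aspx 192.0.2.10
2016-01-01 10:00:02 GET /Ultra/Settings/UserSettings_Frames.aspx returl=https%3A%2F%2Foffsite.example%2Flogin 192.0.2.11
2016-01-01 10:00:03 GET /Ultra/Settings/UserSettings_Frames.aspx ReturL=%2F%2Foffsite.example 192.0.2.12
2016-01-01 10:00:04 GET /Ultra/HomePage_Frames.aspx - 192.0.2.10
""".splitlines()

if __name__ == "__main__":
    for ip, target in flag_offsite_redirects(SAMPLE_LOG):
        print(f"non-local returl from {ip}: {target}")
```

The same `is_local_returl` rule can serve as a server-side allow check before a redirect is issued, with any rejected value replaced by a fixed default page.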
