Open Source and information security mailing list archives
Date: Fri Jun 9 15:12:04 2006
From: eaton.lists at gmail.com (Brian Eaton)
Subject: SSL VPNs and security

On 6/9/06, Tim <tim-security@...tinelchicken.org> wrote:
> Set up a wildcard record, *.webvpn.example.org, pointing to the device.
> The device then maps all internal domain names or IP addresses to a
> unique hostname, such as: internalhost.webvpn.example.org, or
> 192-168-0-1.webvpn.example.org, etc.
>
> Wouldn't this properly segment different internal sites, such that an
> XSS in one wouldn't impact the other? If so, pay attention all SSL VPN
> vendors: it is your free idea for the week.

That depends on whether the solution tries to solve single-sign-on
problems as well. If the vendor is trying to handle SSO in such an
environment, then they are probably using domain cookies. The problems
are exactly the same as the ones Michal listed, plus some additional ones
specific to domain cookies.

- Brian
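An added illustration of the point above (not part of Tim's or Brian's post): a small Python model of RFC 6265 cookie domain matching showing that an SSO cookie set with Domain=.webvpn.example.org is attached to requests for every rewritten internal host, while host-only cookies keep the per-host names isolated. The hostnames and cookie names are constructed.

```python
"""Model of RFC 6265 cookie domain matching: does a per-host wildcard scheme
(*.webvpn.example.org) still isolate sessions once an SSO domain cookie is used?
Constructed example: hostnames, cookie names and values are made up."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Cookie:
    name: str
    domain: str       # for host-only cookies, the exact host that set it
    host_only: bool   # True when the server sent no Domain attribute


def domain_matches(request_host: str, cookie_domain: str) -> bool:
    """RFC 6265 5.1.3: exact match, or request_host is a subdomain of cookie_domain."""
    request_host = request_host.lower()
    cookie_domain = cookie_domain.lower().lstrip(".")
    if request_host == cookie_domain:
        return True
    return request_host.endswith("." + cookie_domain)


def cookies_visible_to(host: str, jar: list[Cookie]) -> set[str]:
    """Names of the cookies a browser attaches to a request for `host`."""
    visible = set()
    for c in jar:
        if c.host_only:
            if host.lower() == c.domain.lower():
                visible.add(c.name)
        elif domain_matches(host, c.domain):
            visible.add(c.name)
    return visible


def shared_between(host_a: str, host_b: str, jar: list[Cookie]) -> set[str]:
    """Cookies both hosts receive: session state one rewritten host's content can act with for the other."""
    return cookies_visible_to(host_a, jar) & cookies_visible_to(host_b, jar)


# Design 1: SSO via one domain cookie shared across every rewritten host.
SSO_JAR = [Cookie("sso_session", ".webvpn.example.org", host_only=False)]

# Design 2: a separate host-only session cookie per rewritten internal host.
PER_HOST_JAR = [
    Cookie("sess_intranet", "intranet.webvpn.example.org", host_only=True),
    Cookie("sess_router", "192-168-0-1.webvpn.example.org", host_only=True),
]
```

Calling `shared_between("intranet.webvpn.example.org", "192-168-0-1.webvpn.example.org", SSO_JAR)` returns `{'sso_session'}`, while the same call with `PER_HOST_JAR` returns an empty set.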