Message-ID: <44899F1B.11633.1A9489E@localhost>
Date: Fri, 09 Jun 2006 16:17:31 +0200
From: "Amit Klein (AKsecurity)" <aksecurity@...pop.com>
To: bugtraq@...urityfocus.com, Michal Zalewski <lcamtuf@...ne.ids.pl>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: SSL VPNs and security


On 8 Jun 2006 at 22:48, Michal Zalewski wrote:

> "Web VPN" or "SSL VPN" is a term used to denote methods for accessing a
> company's internal applications with a bare WWW browser, with the use of
> browser-based SSO authentication and SSL tunneling. As opposed to IPSec,
> no additional software or configuration is required, and hence, corporate
> users can use pretty much any computer they can put their hands on.


> 
>   - Application cookies set by other applications. If passed to the
>     browser (as some SSL VPNs do), these cookies are separated by the use
>     of "path" parameter alone, which does not necessarily establish a
>     browser security domain boundary. This is equivalent to the attacker
>     obtaining user credentials to these applications.
> 

Yes, the path field (in Set-Cookie) doesn't buy you much; see a detailed discussion in
"Path Insecurity":
http://www.webappsec.org/lists/websecurity/archive/2006-03/msg00000.html

-Amit

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
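To make the point about path-scoped cookies concrete, here is an added audit check (an editor's example, not code from either post or from the "Path Insecurity" paper): it parses Set-Cookie headers captured from a web VPN portal, groups them by host, and flags cookies whose only separation from other proxied applications' cookies is the Path attribute. The hostnames and cookie values are constructed.

```python
"""Audit check: cookies behind a web VPN gateway that are isolated by Path alone.
A gateway proxying several internal apps under one hostname puts their session
cookies in one jar, separated only by Path, which is not a browser security
boundary (HttpOnly only removes direct script access, nothing more)."""
from collections import defaultdict

def parse_set_cookie(header):
    """Minimal parser for one Set-Cookie header value (name, Path, Domain, HttpOnly)."""
    parts = [p.strip() for p in header.split(";")]
    name = parts[0].partition("=")[0].strip()
    cookie = {"name": name, "path": "/", "domain": None, "httponly": False}
    for attr in parts[1:]:
        key, _, val = attr.partition("=")
        key, val = key.strip().lower(), val.strip()
        if key == "path":
            cookie["path"] = val or "/"
        elif key == "domain":
            cookie["domain"] = val.lstrip(".").lower()
        elif key == "httponly":
            cookie["httponly"] = True
    return cookie

def audit_path_isolation(observations):
    """observations: (response host, Set-Cookie value) pairs captured from the portal.
    Each cookie on a host holding cookies for more than one Path is reported as
    (host, name, path, severity): 'high' if script-readable, 'medium' if HttpOnly."""
    by_host = defaultdict(list)
    for host, header in observations:
        cookie = parse_set_cookie(header)
        by_host[cookie["domain"] or host.lower()].append(cookie)
    findings = []
    for host, cookies in by_host.items():
        if len({c["path"] for c in cookies}) < 2:
            continue  # one app per host: Path is not what separates anything
        for c in cookies:
            findings.append((host, c["name"], c["path"],
                             "medium" if c["httponly"] else "high"))
    return findings

# Constructed sample: three apps proxied under one VPN hostname plus one standalone host.
SAMPLE = [
    ("vpn.example.com", "JSESSIONID=0123abcd; Path=/intranet; HttpOnly; Secure"),
    ("vpn.example.com", "crm_session=deadbeef; Path=/crm; Secure"),
    ("vpn.example.com", "WebVPNSession=ffff; Path=/; Secure; HttpOnly"),
    ("hr.example.com", "hr_sid=abc; Path=/; Secure; HttpOnly"),
]

if __name__ == "__main__":
    for finding in audit_path_isolation(SAMPLE):
        print("%s cookie %s (Path=%s): %s" % finding)
```

The fix the finding points at is hosting each proxied application on its own hostname (or dropping the backend cookies at the gateway), not tightening Path.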

