| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAOOpvAq52cOy2Fh+ku6OTu4Qm3yxbHh=ghU2EBGhpjamX2jp7w@mail.gmail.com> Date: Mon, 22 Feb 2016 08:19:24 -0600 From: Joey Maresca <jmaresca@...il.com> To: Daniel Hadfield <dan@...gsweep.co.uk> Cc: fulldisclosure@...lists.org Subject: Re: [FD] Cisco ASA VPN - Zero Day Exploit According to Cisco it is CVE-2014-2120, which indicates that much like the code sort of gave away, it is a bad attempt by a 1337 hax0r to push their crappy 'exploitpack.com' instead of you know, finding anything useful. Indeed it is a damn XSS with minimal utility. The crappy code is just the icing on the cake that only tastes better when you realize he is over a year late on his '0-Day'. In fact, his code is so crappy it will pop on any box because he is searching for his name, which would be returned no matter what, because the username field gets populated on the password reset page as a hidden variable. Furthermore, searching for the name is pointless because it doesn't determine if the script is actually santized, which it will be on any patches system (patched WAY before this 'exploit') because if you actually print the server response, you'll see how they handled the username to prevent the script from being executed. On Mon, Feb 22, 2016 at 4:34 AM, Daniel Hadfield <dan@...gsweep.co.uk> wrote: > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA256 > > Is there a CVE ID for this? > > Also what firmware does this effect? I tested this and the input gets > HTML encoded so is nulled. > -----BEGIN PGP SIGNATURE----- > Version: GnuPG v2 > > iQIcBAEBCAAGBQJWyuREAAoJEFrCzlP2l9LQ5NAQAI5inAIprg6bkdqN6lvboHUA > Unhp+Kdpg3q71WlHqFYLxFMQ5OnUDSKMkR4Gn3j0FBQn4oYCPIUjp7BHw01FDnXg > I1Eyg8F9KHSYuQkFmijTDuNL0SRJ1JsRbtAaIhTCXvM5jB9FQfgvbXwPoKALEH9W > S54fnPAmsCyNd6+y1To8wt2JDW+ZomLQEApSL8zwgU37qJVtv0y+kOc46jgADJwq > TixhBBXw0GJen9gVWWQEDhK7zncft96PODbjgIdMb2lL+164G/AAj4VopmqPzNIb > EUrvPgB9lUkSQFxbZI4GooEdNbt6UKgyQRbGcftkNF0wrs59fdkRn8+bRiQyJcJu > /xLX+sOXphe4Dhjj05n6Ejsy5jugLAhMoRkBdxJlJHODjx4Uk8kt84Xh3sQyRo5o > se5vGxXOEn+rlxteHWQEb6KwskSeyBcZXMUi+UK++UOr2IvigMjfWQ5B0CWo7Ws+ > GTH8lI82gxkM2M3o+NVxxRPP23KfiBmWkhxYm2bosD+Y6qrv4M5cfEEwI/BK3O7d > YRInIEEGDrZKXlrr8gArVJVIDXrslCW5USH6ypHdxEelYv5PLdOy1W617gPGxVlx > /x96gE2404N4tvTH8rb9UUFWf+E8lT8sgtyivK9rtwMAQr2yG5FM1SOsS3V2iO7/ > /PPfXGv3BCclSfI63O7q > =UjVE > -----END PGP SIGNATURE----- > > > > _______________________________________________ > Sent through the Full Disclosure mailing list > https://nmap.org/mailman/listinfo/fulldisclosure > Web Archives & RSS: http://seclists.org/fulldisclosure/ > _______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Powered by blists - more mailing lists