Tuesday, 15 December 2009 22:40
Clientless SSL VPN products from multiple vendors operate in a way that breaks fundamental browser security mechanisms. An attacker could use these devices to bypass authentication or conduct other web-based attacks.

By convincing a user to view a specially crafted web page, a remote attacker may be able to obtain VPN session tokens and read or modify content (including cookies, script, or HTML content) from any site accessed through the clientless SSL VPN. This effectively eliminates same origin policy restrictions in all browsers. Because all content runs at the privilege level of the web VPN domain, mechanisms to provide domain-based content restrictions, such as Internet Explorer security zones and the Firefox add-on NoScript, may be bypassed. For example, the attacker may be able to capture keystrokes while a user is interacting with a web page. For additional information about impacts, please review CERT Advisory CA-2000-02.

There is no solution to this problem. Depending on their specific configuration and location in the network, these devices may be impossible to operate securely. Administrators are encouraged to view the workarounds detailed in the Solutions section of the US-CERT Vulnerability Note for the following:

1. Limit URL rewriting to trusted domains
2. Block the VPN server from accessing untrusted domains
3. Disable URL hiding features

Before taking any action, please ensure that you are viewing the latest official version of this security advisory by referencing http://www.nortel.com/securityadvisories

For more information: Please contact your next level of support or visit http://www.nortel.com/contact for support numbers within your region.

Nortel security advisories: http://nortel.com/securityadvisories
Nortel Partner Information Center (PIC) website: http://www.nortelnetworks.com/pic

Source: http://support.nortel.com/go/main.jsp?cscat=BLTNDETAIL&DocumentOID=984744&poid=
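
The origin collapse described in this advisory, and the first workaround (limit URL rewriting to trusted domains), sketched as an added example that is not part of the Nortel advisory or any vendor's code. The gateway host, the /proxy/<scheme>/<host>/ path layout, the allow-list entries and all function names are assumptions made for illustration.

```javascript
// Added illustration. The gateway host and the /proxy/<scheme>/<host>/ path
// layout are hypothetical; real products use their own rewriting formats.
const VPN_GATEWAY = "https://vpn.example.com";

// Constructed allow-list for workaround 1: only these hosts (and their
// subdomains) may be rewritten through the gateway.
const TRUSTED_SUFFIXES = ["intranet.example.com", "mail.example.com"];

function isTrustedHost(hostname) {
  const host = hostname.toLowerCase().replace(/\.$/, "");
  // Match on a label boundary so "evilintranet.example.com" and
  // "intranet.example.com.attacker.test" do not pass.
  return TRUSTED_SUFFIXES.some((s) => host === s || host.endsWith("." + s));
}

// Rewrite a target URL the way a clientless VPN does: the browser only ever
// talks to the gateway, and the real destination moves into the path.
function rewriteThroughVpn(target, enforceAllowList) {
  const u = new URL(target);
  if (u.protocol !== "http:" && u.protocol !== "https:") {
    throw new Error("unsupported scheme: " + u.protocol);
  }
  if (enforceAllowList && !isTrustedHost(u.hostname)) {
    return null; // refuse to proxy; the site is not served from the VPN origin
  }
  const scheme = u.protocol.slice(0, -1);
  const path = `/proxy/${scheme}/${u.host}${u.pathname}${u.search}`;
  return new URL(path, VPN_GATEWAY).href;
}

// The browser's same-origin check compares scheme, host and port only.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

function demo() {
  const mail = "https://mail.example.com/inbox";      // constructed
  const hostile = "https://attacker.test/page.html";  // constructed
  return {
    directSameOrigin: sameOrigin(mail, hostile),
    rewrittenSameOrigin: sameOrigin(
      rewriteThroughVpn(mail, false), rewriteThroughVpn(hostile, false)),
    hostileWithAllowList: rewriteThroughVpn(hostile, true),
    trustedWithAllowList: rewriteThroughVpn(mail, true),
  };
}
```

Without the allow-list both pages are served from the gateway's origin, so the browser no longer separates them; with it, the untrusted site is never rewritten into that origin.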