SOL11797 - Pre-logon sequence vulnerability to token spoofing

ID SOL11797
Type f5
Reporter f5
Modified 2011-05-12T00:00:00


A vulnerability exists in the FirePass pre-logon sequence. Under certain conditions, the FirePass controller can accept the output of a pre-logon sequence check that was run on a different computer. This vulnerability allows an attacker to take the pre-logon token from a workstation that complies with the pre-logon sequence requirements and use it to access the FirePass login page from a workstation that may not comply.

F5 Product Development tracked this issue as CR142072 and ID 294523, and it was fixed in FirePass version 7.0.0. For information about upgrading, refer to the FirePass release notes.

Additionally, this issue was fixed in cumulative hotfix HF-610-3-1 issued for FirePass version 6.1.0 and hotfix-116015-142333 for FirePass version 5.5.2. You may download these hotfixes or later versions of the hotfixes from the F5 Downloads site.

For instructions about obtaining a hotfix, refer to SOL167: Downloading software from F5.

For instructions about installing a hotfix, refer to SOL3430: Installing FirePass hotfixes.