Vulners
Lucene search
SEC-20051025-1.txt
🗓️ 27 Oct 2005 00:00:00Reported by sec-consult.comType 
packetstorm🔗 packetstormsecurity.com👁 47 Views
| Reporter | Title | Published | Views | Family All 6 |
|---|---|---|---|---|
 | CVE-2003-0389 | 20 Jun 200304:00 | – | cve |
 | CVE-2003-0389 | 20 Jun 200304:00 | – | cvelist |
 | EUVD-2003-0383 | 7 Oct 202500:30 | – | euvd |
 | CVE-2003-0389 | 24 Jul 200304:00 | – | nvd |
| ProCheckUp Security Advisory 2007.44 | 24 Apr 200800:00 | – | packetstorm |
 | PR07-44: XSS on RSA Authentication Agent login page | 24 Apr 200800:00 | – | securityvulns |
`SEC-CONSULT Security Advisory 20051025-1
=====================================================================
title: RSA ACE Web Agent XSS
program: RSA ACE/Agent for Web
vulnerable version: 5.1, 5.1.1
newer versions may be vulnerable
homepage: www.rsasecurity.com
found: 2005-10
by: SEC-CONSULT / www.sec-consult.com
=====================================================================
Vendor description:
---------------
RSA Authentication Agent software intercepts access requestswhether
local or remotefrom users or groups of users and directs them to the
RSA Authentication Manager program for authentication. Once verified,
permission to access protected resources is granted.
Vulnerabilty overview:
---------------
RSA Authentication Agent for Web 5.1 is prone to a Cross site scripting
vulnerability. Please note that this is issue is different from
CAN-2003-0389.
Vulnerability details:
---------------
Due to missing input validation it is possible to inject client side
scripts into the "image" - parameter.
example:
---cut here---
http://[SERVER]/webauthentication?GetPic?
image=x%3Cimg%20src=%22A%22+onError=%22javascript:alert('Thanks%20for%20turning%20on%20the%20remotecontrol')%3b%22%3Exxx
---cut here---
Recommended fixes
---------------
Whitelist allowed characters in userinput.
Vulnerable versions:
---------------
This flaw was discovered in version 5.1 of RSA Agent for Web. No other
versions were available for testing. Web Agents >5.1 may also be vulnerable.
Vendor status:
---------------
RSA Security was notified of this issue several times. However, this
would not inspire them to do further investigation on the flaw.
General remarks
---------------
We know that version 5.1 ist not supported any more and we would like to
apologize in advance for potential nonconformities and/or known issues.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
SEC Consult Unternehmensberatung GmbH
Office Vienna
Blindengasse 3
A-1080 Wien
Austria
Tel.: +43 / 1 / 409 0307 - 570
Fax.: +43 / 1 / 409 0307 - 590
Mail: office at sec-consult dot com
www.sec-consult.com
EOF SEC Consult / @2005
research at sec-consult dot com
`
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
27 Oct 2005 00:00Current
6.7Medium risk
Vulners AI Score6.7
EPSS0.00312