Lucene search

K

SEC-20051025-1.txt

๐Ÿ—“๏ธย 27 Oct 2005ย 00:00:00Reported byย sec-consult.comTypeย 
packetstorm
ย packetstorm
๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 42ย Views

RSA ACE Web Agent XSS vulnerability in version 5.1, 5.1.1 allows injection of client-side scripts in the "image" parameter

Show more
Related
Code
ReporterTitlePublishedViews
Family
Cvelist
CVE-2003-0389
20 Jun 200304:00
โ€“cvelist
NVD
CVE-2003-0389
24 Jul 200304:00
โ€“nvd
CVE
CVE-2003-0389
24 Jul 200304:00
โ€“cve
Packet Storm
ProCheckUp Security Advisory 2007.44
24 Apr 200800:00
โ€“packetstorm
securityvulns
PR07-44: XSS on RSA Authentication Agent login page
24 Apr 200800:00
โ€“securityvulns
`SEC-CONSULT Security Advisory 20051025-1  
=====================================================================  
title: RSA ACE Web Agent XSS  
program: RSA ACE/Agent for Web  
vulnerable version: 5.1, 5.1.1  
newer versions may be vulnerable  
homepage: www.rsasecurity.com  
found: 2005-10  
by: SEC-CONSULT / www.sec-consult.com  
=====================================================================  
Vendor description:  
---------------  
  
RSA Authentication Agent software intercepts access requestsย—whether  
local or remoteย—from users or groups of users and directs them to the  
RSA Authentication Manager program for authentication. Once verified,  
permission to access protected resources is granted.  
  
  
Vulnerabilty overview:  
---------------  
  
RSA Authentication Agent for Web 5.1 is prone to a Cross site scripting  
vulnerability. Please note that this is issue is different from  
CAN-2003-0389.  
  
  
Vulnerability details:  
---------------  
  
Due to missing input validation it is possible to inject client side  
scripts into the "image" - parameter.  
  
example:  
  
---cut here---  
  
http://[SERVER]/webauthentication?GetPic?  
image=x%3Cimg%20src=%22A%22+onError=%22javascript:alert('Thanks%20for%20turning%20on%20the%20remotecontrol')%3b%22%3Exxx  
  
---cut here---  
  
  
Recommended fixes  
---------------  
  
Whitelist allowed characters in userinput.  
  
  
Vulnerable versions:  
---------------  
  
This flaw was discovered in version 5.1 of RSA Agent for Web. No other  
versions were available for testing. Web Agents >5.1 may also be vulnerable.  
  
  
Vendor status:  
---------------  
  
RSA Security was notified of this issue several times. However, this  
would not inspire them to do further investigation on the flaw.  
  
  
General remarks  
---------------  
We know that version 5.1 ist not supported any more and we would like to  
apologize in advance for potential nonconformities and/or known issues.  
  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
SEC Consult Unternehmensberatung GmbH  
  
Office Vienna  
Blindengasse 3  
A-1080 Wien  
Austria  
  
Tel.: +43 / 1 / 409 0307 - 570  
Fax.: +43 / 1 / 409 0307 - 590  
Mail: office at sec-consult dot com  
www.sec-consult.com  
  
EOF SEC Consult / @2005  
research at sec-consult dot com  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
27 Oct 2005 00:00Current
6.7Medium risk
Vulners AI Score6.7
EPSS0.003
42
.json
Report