10

*******************************************************************

$ An open security advisory #10 - Siteminder v5.5 Vulnerabilities

*******************************************************************

1: Bug Researcher: c0ntex - c0ntexb[at]gmail.com

2: Bug Released: July 08 2005

3: Bug Impact Rate: Medium / Hi

4: Bug Scope Rate: Remote

*******************************************************************

$ This advisory and/or proof of concept code must not be used for commercial gain.

*******************************************************************

Siteminder

http://www3.ca.com/Solutions/Product.asp?ID=5262

"eTrust™ SiteMinder® is a market-leading, security and management foundation for enterprise Web

applications with a centralized security infrastructure for managing user authentication and

access. eTrust SiteMinder delivers the market’s most advanced security management capabilities

and enterprise-class site administration, reducing overall IT operational cost and complexity.

eTrust SiteMinder enables the secure delivery of essential information and applications to

employees, partners, suppliers and customers, and scales with growing business needs.."

Siteminder is vulnerable to XSS whereby a user can tag HTML or javascript on to various locations

in a URL or input field and have the script run in the local users browser. This can be used to

perform phishing attacks, hijack users browser sessions or user account information by redrawing

the login page of a site.

http://vuln/siteminderagent/pwcgi/smpwservicescgi.exe?SMAUTHREASON=0&TARGET=&USERNAME=hacker&

The following link will abuse the URL option by first logging the user out of the site with a

timeout error, due to the fact that we send her off to another HTTPS site, taking the user back to

the login page. Next, we open an IFRAME over the original login fields with malicious Username and

Password input fields, whereby a user will then supply their login details to a malicious site,

to be later harvested and used in an attack.

It is advised that all users upgrade to the latest version of SiteMinder to limit the potential for

attack. I contacted Netegrity via ca.com multiple times but received no response.


Ведете ли вы блог?

Да
Нет
Планирую


Результаты опроса

Новостной блок