Cisco and Juniper clientless SSL VPNs Authentication Weakness2009-12-01 10:49 by DanielaTags: VPN, SSL, Cisco, Juniper, exploit
Virtual private networking software from Cisco Systems, Juniper, and other manufacturers can make users susceptible to a variety of web-based attacks, the US Computer Emergency Readiness Team warned on Monday. So-called clientless SSL VPN products, which provide browser-based access to intranets, email and other internal resources, expose users to attacks that allow eavesdroppers to view passwords and keystrokes. Of the 90 companies known to market products that use the technology, Cisco, Juniper, SafeNet and Sonic Wall are known to be affected, while it's unclear if an additional 77 are vulnerable. The weakness can be exploited only in attacks that are narrowly targeted at a particular website or domain, so there's not much chance of attack code going public that automates the process. But given the wealth of proprietary information hiding behind the typical VPN, it can nonetheless be used by determined attackers to bypass a website's authentication. Read more -here-
Post your review/comments
rate:
avg:
|