Full Disclosure mailing list archives
Re: SSL VPNs and security
From: "Amit Klein (AKsecurity)" <aksecurity () hotpop com>
Date: Fri, 09 Jun 2006 16:17:31 +0200
On 8 Jun 2006 at 22:48, Michal Zalewski wrote:
"Web VPN" or "SSL VPN" is a term used to denote methods for accessing a company's internal applications with a bare WWW browser, with the use of browser-based SSO authentication and SSL tunneling. As opposed to IPSec, no additional software or configuration is required, and hence, corporate users can use pretty much any computer they can put their hands on.
- Application cookies set by other applications. If passed to the browser (as some SSL VPNs do), these cookies are separated by the use of the "path" parameter alone, which does not necessarily establish a browser security domain boundary. This is equivalent to the attacker obtaining user credentials to these applications.
Yes, the path field (in Set-Cookie) doesn't buy you much; see a detailed discussion in "Path Insecurity": http://www.webappsec.org/lists/websecurity/archive/2006-03/msg00000.html
-Amit
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
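As an added illustration (not code from the thread or from either author), the following Python models the RFC 6265 cookie path-match rule next to the browser's same-origin boundary, to make concrete why a "path" attribute limits only which requests carry a cookie and does not separate two applications proxied under one SSL VPN hostname. The hostname and cookie names are constructed placeholders.

```python
# Added example: RFC 6265 path-matching versus the same-origin boundary.
# Shows that "path" scopes cookie *sending*, not script *access*: two apps
# behind one SSL VPN host share an origin regardless of cookie paths.
from urllib.parse import urlsplit


def path_matches(request_path: str, cookie_path: str) -> bool:
    """RFC 6265 section 5.1.4 path-match algorithm."""
    if request_path == cookie_path:
        return True
    if request_path.startswith(cookie_path):
        if cookie_path.endswith("/"):
            return True
        return request_path[len(cookie_path)] == "/"
    return False


def origin(url: str) -> tuple:
    """Same-origin policy boundary: (scheme, host, port). Path is ignored."""
    u = urlsplit(url)
    port = u.port or {"https": 443, "http": 80}[u.scheme]
    return (u.scheme, u.hostname, port)


def cookie_sent(cookie: dict, url: str) -> bool:
    """Would a browser attach this cookie to a request for url?"""
    u = urlsplit(url)
    if u.hostname != cookie["domain"]:
        return False
    if cookie.get("secure") and u.scheme != "https":
        return False
    return path_matches(u.path or "/", cookie["path"])


# Constructed placeholders: two internal apps proxied under one VPN hostname.
VPN = "vpn.example.test"
HR_COOKIE = {"name": "HRSESSION", "domain": VPN, "path": "/hr", "secure": True}
CRM_COOKIE = {"name": "CRMSESSION", "domain": VPN, "path": "/crm", "secure": True}


def path_isolation_report() -> dict:
    hr_url = f"https://{VPN}/hr/index"
    crm_url = f"https://{VPN}/crm/index"
    return {
        # Path scoping does govern which requests carry each cookie...
        "hr_cookie_sent_to_crm": cookie_sent(HR_COOKIE, crm_url),
        "hr_cookie_sent_to_hr": cookie_sent(HR_COOKIE, hr_url),
        # ...but both apps sit in one origin, so path is not a script boundary.
        "same_origin": origin(hr_url) == origin(crm_url),
    }
```

The report's `same_origin` flag is the property a defender should check: if it is true for two backends, cookie paths alone do not isolate their sessions, and the VPN needs per-application hostnames or its own session handling.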