Security flaw threatens Cisco Web site

[InfoSec News <isn () c4i org>]

http://www.zdnet.com.au/newstech/security/story/0,2000024985,20270791,00.htm

By Patrick Gray, ZDNet Australia
19 December 2002
    
Securiteam.com, an online security portal, have found a Cross-Site
Scripting (XSS) vulnerability in the cisco.com Web site, according to
an advisory.
 
"The vulnerability would allow attackers to cause users to view
third-party malicious JavaScript or HTML code as if it were the
legitimate content offered by Cisco," the advisory said.

XSS vulnerabilities are at their most serious when user logins are
involved. They may in some circumstances make it possible for an
attacker to "steal" a user’s session information, potentially allowing
them to login as the victim user.

It is not known if Cisco, which does have a client login function on
their Web site, is vulnerable to this extent.

"Session theft" attack types are not very easy to carry out, and must
be directed at the user of the affected site, not the site itself.

The Cisco Web site login function allows users to "…place and manage
orders for Cisco networking products and services via the Internet".

Logged in customers can also download versions of Cisco’s IOS software
not normally available to the public.

XSS vulnerabilities have become quite "in vogue" lately, with many
security researchers focusing their efforts in detection and
elimination of the security problem.

The recently held hacking competition, OpenHack IV, dished out US$500
to a single entrant, Jeremy Poteet, who found XSS vulnerabilities in
the application being tested, which was engineered by Oracle.

Cisco were unable to comment at the time of writing.
 


-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.