BugTraq
SSL VPNs and security Jun 08 2006 08:48PM
Michal Zalewski (lcamtuf dione ids pl) (2 replies)
Re: SSL VPNs and security Jun 13 2006 11:11PM
Eloy Paris (elparis cisco com)
Re: SSL VPNs and security Jun 09 2006 02:17PM
Amit Klein (AKsecurity) (aksecurity hotpop com)
On 8 Jun 2006 at 22:48, Michal Zalewski wrote:

> "Web VPN" or "SSL VPN" is a term used to denote methods for accessing
> company's internal applications with a bare WWW browser, with the use of
> browser-based SSO authentication and SSL tunneling. As opposed to IPSec,
> no additional software or configuration is required, and hence, corporate
> users can use pretty much any computer they can put their hands on.

>
> - Application cookies set by other applications. If passed to the
> browser (as some SSL VPNs do), these cookies are separated by the use
> of "path" parameter alone, which does not necessarily establish a
> browser security domain boundary. This is equivalent to the attacker
> obtaining user credentials to these applications.
>

Yes, the path field (in Set-Cookie) doesn't buy you much, see a detailed discussion in
"Path Insecurity":
http://www.webappsec.org/lists/websecurity/archive/2006-03/msg00000.html

-Amit

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus