SEC-Consult SA 20051025-1 :: RSA ACE Web Agent XSS

2005.10.26
Credit: Bernhard Mueller (research sec-consult com)
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2005-3329
CWE: CWE-79


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

SEC-CONSULT Security Advisory 20051025-1 ===================================================================== title: RSA ACE Web Agent XSS program: RSA ACE/Agent for Web vulnerable version: 5.1, 5.1.1 newer versions may be vulnerable homepage: www.rsasecurity.com found: 2005-10 by: SEC-CONSULT / www.sec-consult.com ===================================================================== Vendor description: --------------- RSA Authentication Agent software intercepts access requests?whether local or remote?from users or groups of users and directs them to the RSA Authentication Manager program for authentication. Once verified, permission to access protected resources is granted. Vulnerabilty overview: --------------- RSA Authentication Agent for Web 5.1 is prone to a Cross site scripting vulnerability. Please note that this is issue is different from CAN-2003-0389. Vulnerability details: --------------- Due to missing input validation it is possible to inject client side scripts into the "image" - parameter. example: ---cut here--- http://[SERVER]/webauthentication?GetPic? image=x%3Cimg%20src=%22A%22+onError=%22javascript:alert('Thanks%20for%20 turning%20on%20the%20remotecontrol')%3b%22%3Exxx ---cut here--- Recommended fixes --------------- Whitelist allowed characters in userinput. Vulnerable versions: --------------- This flaw was discovered in version 5.1 of RSA Agent for Web. No other versions were available for testing. Web Agents >5.1 may also be vulnerable. Vendor status: --------------- RSA Security was notified of this issue several times. However, this would not inspire them to do further investigation on the flaw. General remarks --------------- We know that version 5.1 ist not supported any more and we would like to apologize in advance for potential nonconformities and/or known issues. ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ SEC Consult Unternehmensberatung GmbH Office Vienna Blindengasse 3 A-1080 Wien Austria Tel.: +43 / 1 / 409 0307 - 570 Fax.: +43 / 1 / 409 0307 - 590 Mail: office at sec-consult dot com www.sec-consult.com EOF SEC Consult / @2005 research at sec-consult dot com


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top