Bugtraq mailing list archives

Re: SSL VPNs and security


From: "Amit Klein (AKsecurity)" <aksecurity () hotpop com>
Date: Fri, 09 Jun 2006 16:17:31 +0200

On 8 Jun 2006 at 22:48, Michal Zalewski wrote:

"Web VPN" or "SSL VPN" is a term used to denote methods for accessing a
company's internal applications with a bare WWW browser, with the use of
browser-based SSO authentication and SSL tunneling. As opposed to IPSec,
no additional software or configuration is required, and hence, corporate
users can use pretty much any computer they can put their hands on.



  - Application cookies set by other applications. If passed to the
    browser (as some SSL VPNs do), these cookies are separated by the use
    of "path" parameter alone, which does not necessarily establish a
    browser security domain boundary. This is equivalent to the attacker
    obtaining user credentials to these applications.


Yes, the path field (in Set-Cookie) doesn't buy you much; see a detailed discussion in
"Path Insecurity":
http://www.webappsec.org/lists/websecurity/archive/2006-03/msg00000.html

-Amit

