Published:2004/09/30  Last Updated:2008/05/21

JVN#67B82FA3
SSL-VPN products vulnerable to cookie theft

Overview

When using an SSL-VPN product, if a user selects a mode in which the user can log in with the username and password without using the SSL client authentication, a session hijacking could be conducted.

Products Affected

  • Some SSL-VPN products (For more information, refer to the vendor's website.)

Description

Impact

An attacker may be able to intercept a session ID stored in a cookie and hijack a login user's session.

Solution

Vendor Status

Vendor Status Last Update Vendor Notes
FUJITSU LIMITED Not Vulnerable 2005/10/04
Hitachi Not Vulnerable 2004/09/30
Mitsubishi Electric Corporation Unknown 2004/09/30
Orangesoft Inc. Not Vulnerable, investigating 2004/09/30
Trend Micro Incorporated Not Vulnerable 2004/09/30
Yokogawa Electric Corporation Vulnerable 2004/09/30

References

  1. National Institute of Advanced Industrial Science and Technology (AIST), SecurIT
    http://securit.gtrc.aist.go.jp/research/paper/AIST03-J00017/
  2. US-CERT Vulnerability Note VU#546483
    Multiple networking devices fail to set the "Secure" attribute of a cookie

JPCERT/CC Addendum

Credit

Hiromitsu Takagi of Research Center for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AIST), Japan reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.

Other Information

JPCERT Alert
JPCERT Reports
CERT Advisory
CPNI Advisory
TRnotes
CVE
JVN iPedia JVNDB-2004-000588

Update History