Published:2004/09/30 Last Updated:2008/05/21
JVN#67B82FA3
SSL-VPN products vulnerable to cookie theft
Overview
When using an SSL-VPN product, if a user selects a mode in which the user can log in with the username and password without using the SSL client authentication, a session hijacking could be conducted.
Products Affected
- Some SSL-VPN products (For more information, refer to the vendor's website.)
Description
Impact
An attacker may be able to intercept a session ID stored in a cookie and hijack a login user's session.
Solution
Vendor Status
| Vendor | Status | Last Update | Vendor Notes |
|---|---|---|---|
| FUJITSU LIMITED | Not Vulnerable | 2005/10/04 | |
| Hitachi | Not Vulnerable | 2004/09/30 | |
| Mitsubishi Electric Corporation | Unknown | 2004/09/30 | |
| Orangesoft Inc. | Not Vulnerable, investigating | 2004/09/30 | |
| Trend Micro Incorporated | Not Vulnerable | 2004/09/30 | |
| Yokogawa Electric Corporation | Vulnerable | 2004/09/30 |
| Vendor | Link |
| F5 Networks |
F5 Networks Information for VU#546483 |
| Nortel Networks |
Nortel Networks Information for VU#546483 |
References
- National Institute of Advanced Industrial Science and Technology (AIST), SecurIT
http://securit.gtrc.aist.go.jp/research/paper/AIST03-J00017/ - US-CERT Vulnerability Note VU#546483
Multiple networking devices fail to set the "Secure" attribute of a cookie
JPCERT/CC Addendum
Credit
Hiromitsu Takagi of Research Center for Information Security (RCIS), National Institute of Advanced Industrial Science and Technology (AIST), Japan reported this vulnerability to IPA.
JPCERT/CC coordinated with the vendors under Information Security Early Warning Partnership.
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE | |
| JVN iPedia |
JVNDB-2004-000588 |