Vigil@nce - Stonesoft SSL VPN: redirection
August 2013 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can use the web site of Stonesoft SSL VPN to deceive
the victim and redirect them to a malicious web site.
Impacted products: StoneGate SSL VPN
Severity: 2/4
Creation date: 06/08/2013
DESCRIPTION OF THE VULNERABILITY
The Stonesoft SSL VPN product offers a web site. URLs of this site
start with the server name, so users trust these URLs.
This web site has a redirection feature. However, this feature
will redirect to any external site. The victim can thus
click on a link starting with the server name, and then be
redirected to a malicious site.
An attacker can therefore use the web site of Stonesoft SSL VPN
to deceive the victim and redirect them to a malicious web site.
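One way a redirection feature can refuse the external targets described above, as an added example that is not code from Stonesoft or from the bulletin. The hostname vpn.example.com, the function name and the https-only rule are assumptions.

```python
from urllib.parse import urlsplit

TRUSTED_HOST = "vpn.example.com"  # constructed portal hostname (assumption)
FALLBACK = "/"                    # where to land when the target is refused


def safe_redirect_target(target, trusted_host=TRUSTED_HOST):
    """Return `target` only if following it keeps the browser on trusted_host."""
    if not target or len(target) > 2048:
        return FALLBACK
    # Browsers drop tabs/newlines and read "\" as "/", so a value containing
    # them can parse differently here than in the user's browser: refuse it.
    if any(ord(c) <= 0x20 or c in "\\\x7f" for c in target):
        return FALLBACK
    try:
        parts = urlsplit(target)
    except ValueError:            # e.g. malformed IPv6 literal
        return FALLBACK
    if not parts.scheme and not parts.netloc:
        # Relative reference: accept only a path rooted on this site.
        # "//host" and "///host" are read by browsers as another origin.
        if target.startswith("/") and not target.startswith("//"):
            return target
        return FALLBACK
    # Absolute URL: https only (assumption) and an exact netloc match, which
    # also rejects userinfo ("trusted@other"), ports and "trusted.other" hosts.
    if parts.scheme == "https" and parts.netloc.lower() == trusted_host:
        return target
    return FALLBACK


# Constructed sample values, not taken from the bulletin.
SAMPLES = [
    "/portal/home?tab=1",
    "https://vpn.example.com/portal",
    "https://other.example/login",
    "//other.example/login",
    "https://vpn.example.com@other.example/",
    "https://vpn.example.com.other.example/",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(f"{s!r:45} -> {safe_redirect_target(s)!r}")
```
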
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Stonesoft-SSL-VPN-redirection-13217