Vigil@nce - Blue Coat ProxySG: credentials disclosure via HTTP 407 Challenges
February 2016 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker owning a malicious web server can return HTTP 407
pages to Blue Coat ProxySG, in order to get client credentials.
Impacted products: ProxySG, SGOS.
Severity: 2/4.
Creation date: 08/12/2015.
DESCRIPTION OF THE VULNERABILITY
The HTTP protocol uses the code 407 to require a challenge during
an authentication, such as NTLM.
However, ProxySG transmits these codes to the client
An attacker owning a malicious web server can therefore return
HTTP 407 pages to Blue Coat ProxySG, in order to get client
credentials.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN