Re: SSL VPNs and security

To: E Mintz <net4n6@xxxxxxxxx>
Subject: Re: SSL VPNs and security
From: Michal Zalewski <lcamtuf@xxxxxxxxxxxx>
Date: Fri, 9 Jun 2006 08:31:51 +0200 (CEST)
Cc: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
In-reply-to: <9b2461300606082317r7f16dafcv3b531e5652747c85@xxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <Pine.LNX.4.58.0606072320530.32681@dione> <9b2461300606082317r7f16dafcv3b531e5652747c85@xxxxxxxxxxxxxx>

On Fri, 9 Jun 2006, E Mintz wrote:

> How about some real-world, application specific exploits?

There's an example of a XSS that can be used to compromise Cisco Web VPN
session in the text.

> So, please show me an example of an actual compromise and I'll listen.
> Otherwise, put up, or shut up!

You're not strictly required to listen, you know ;)

/mz

Follow-Ups:
- Re: SSL VPNs and security
  - From: E Mintz

References:
- SSL VPNs and security
  - From: Michal Zalewski

Prev by Date: Re: DGbook v1.0 - XSS
Next by Date: Secunia Research: SelectaPix Cross-Site Scripting and SQL Injection Vulnerabilities
Previous by thread: Re: SSL VPNs and security
Next by thread: Re: SSL VPNs and security
Index(es):
- Date
- Thread