Recently there is no peace for the Cisco ASA Appliance.
After the vulnerability in the fragmentation of the IKE payload, a new zero-day afflicts the Cisco ASA VPN Portal through XSS attack.
Cisco ASA VPN is prone to a XSS on the password recovery page.
This vulnerability can be used by an attacker to capture other user’s credentials.
The password recovery form fails to filter properly the hidden inputs fields.
Here a simple Proof-Of-Concept to check the vulnerability:
- OpenSSL Security Advisory, 3rd May 2016: Patch, Patch ASAP!
- Tor in a company network: how to detect and block it?
- Mazar BOT campaign in Denmark and Italy
- BadLock: let's take stock of situation!
- The Panama Papers Leak – What You Need To Know
- Frederike Kaltheuner @ #IJF16: understanding predictive privacy harms