SecurityTracker.com

Category:   Application (Firewall)  >   KerioControl (WinRoute Firewall)
Vendors:   Kerio Technologies
(Vendor Issues Fix) Re: Kerio WinRoute Firewall Discloses Authentication Data to Remote Sites When Using Proxy Authentication
SecurityTracker Alert ID:  1008325
SecurityTracker URL:  http://securitytracker.com/id/1008325
CVE Reference:   GENERIC-MAP-NOMATCH
Updated:  Dec 15 2003
Original Entry Date:  Nov 28 2003
Impact:   Disclosure of authentication information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): 5.10
Description:   A vulnerability was reported in the Kerio WinRoute Firewall software. A remote web server may be able to obtain a target user's username and password.

Alexander Antipov and 3APA3A reported that if proxy authentication is used, the firewall software may leak authentication credentials to remote users. The firewall software will reportedly send a slightly modified version of the target user's Proxy-Authorization header to any site that the target user visits. According to the report, the firewall will replace the first character with an 'X' character, as shown:

Xroxy-Authorization: Basic dGVzdDp0ZXN0aW5n

The username and password are Base64 encoded.

Impact:   A remote user (acting as a web server) may be able to obtain the target user's username and password.
Solution:   A user reported that in version 5.1.7, all unusable HTTP headers are completely removed from the HTTP request.
Vendor URL:  www.kerio.com/kwf_home.html
Cause:   Access control error
Underlying OS:  Windows (Any)
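
The check below is an added example, not part of the original advisory or of Kerio's software: run against a request captured on the upstream side of a proxy, it flags a Proxy-Authorization header, or a variant with its first character overwritten as described above, and shows that a Basic value decodes directly to the username. The function name and the sample requests are constructed for illustration; the header line is the one quoted in the description.

```python
import base64
import binascii
import re

# Matches Proxy-Authorization and any variant whose first character was
# overwritten (e.g. "Xroxy-Authorization"), case-insensitively.
LEAK_NAME = re.compile(r"^.roxy-authorization$", re.IGNORECASE)


def find_proxy_credential_leaks(raw_request: bytes):
    """Return one finding per header in an upstream-side HTTP request that
    still carries proxy credentials. Passwords are never returned."""
    head = raw_request.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    findings = []
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if not sep or not LEAK_NAME.match(name.strip()):
            continue
        scheme, _, token = value.strip().partition(" ")
        finding = {"header": name.strip(), "scheme": scheme, "user": None}
        if scheme.lower() == "basic":
            try:
                decoded = base64.b64decode(token.strip(), validate=True)
                user, colon, password = decoded.decode("latin-1").partition(":")
                if colon:
                    finding["user"] = user
                    finding["password_len"] = len(password)
            except (binascii.Error, ValueError):
                pass                              # malformed token: still a leak
        findings.append(finding)
    return findings


# Constructed sample: a request as an origin server would receive it, using
# the header line quoted in the advisory. Host and User-Agent are made up.
SAMPLE = (b"GET / HTTP/1.0\r\n"
          b"Host: origin.example\r\n"
          b"Xroxy-Authorization: Basic dGVzdDp0ZXN0aW5n\r\n"
          b"User-Agent: test-client\r\n\r\n")

# Constructed sample: the same request with the header removed entirely.
FIXED = (b"GET / HTTP/1.0\r\nHost: origin.example\r\n"
         b"User-Agent: test-client\r\n\r\n")

if __name__ == "__main__":
    for f in find_proxy_credential_leaks(SAMPLE):
        print(f)
    print(find_proxy_credential_leaks(FIXED))
```

An empty result for traffic leaving the proxy is the expected state once such headers are removed from the request.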

Message History:   This archive entry is a follow-up to the message listed below.
Nov 19 2003 Kerio WinRoute Firewall Discloses Authentication Data to Remote Sites When Using Proxy Authentication



 Source Message Contents

Subject:  Re: Kerio Winroute Firewall Xroxy problem


        Note that this problem was fixed about a month ago, in Kerio WinRoute
Firewall 5.1.4, where the exposed data was replaced by the 'X'
character. However, this still provided a little information about the
user (proxy). So, in the most recent release, 5.1.7, all unusable HTTP
headers are completely removed from the HTTP request.

        We of course encourage all of our users to upgrade to the most recent
release. Kerio WinRoute Firewall upgrades are painless -- just download
the new version and install it over the old one.

        -Max Kanat-Alexander
        2nd Level Technical Support Engineer, USA
        Kerio Technologies, Inc.
        <http://www.kerio.com/>

--
Note: This message is probably not an official message of Kerio
Technologies, Inc. I just thought that the list would like to know.
