SecurityTracker.com

Category:   Device (Router/Bridge/Hub)  >   Blue Coat ProxySG
Vendors:   Blue Coat Systems, Symantec
Blue Coat ProxySG Lets Remote Users Bypass SAML Authentication on the Target System
SecurityTracker Alert ID:  1040993
SecurityTracker URL:  http://securitytracker.com/id/1040993
CVE Reference:   CVE-2018-5241
Date:  May 30 2018
Impact:   Host/resource access via network
Vendor Confirmed:  Yes  
Version(s): 6.5, 6.6, 6.7
Description:   A vulnerability was reported in Blue Coat ProxySG. A remote user can bypass authentication.

The system does not properly process SAML responses that contain XML nodes with comments. A remote user can modify a valid SAML response so that the target system will still validate the cryptographic signature, allowing SAML authentication security controls to be bypassed.

Administrator user authentication for the management console is not affected.
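
A pre-screening check for the condition described above, as an added example that is not part of the advisory or the vendor's fix: it flags every element whose children include an XML comment and shows how the first text node can differ from the element's full text. The function names, the policy of refusing such responses, and the sample document are assumptions constructed for illustration; nothing here describes ProxySG internals.

```python
from xml.dom import minidom, Node

# Constructed sample: a SAML-shaped document with a comment inside NameID.
WITH_COMMENT = (
    b'<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
    b'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion"><saml:Assertion>'
    b'<saml:Subject><saml:NameID>user<!-- c -->@example.test</saml:NameID>'
    b'</saml:Subject></saml:Assertion></samlp:Response>'
)
CLEAN = WITH_COMMENT.replace(b"<!-- c -->", b"")


def comment_findings(xml_bytes):
    """Return one finding per element that has an XML comment among its children."""
    # minidom does not fetch external entities but does expand internal ones,
    # so refuse any DTD before parsing untrusted input.
    if b"<!DOCTYPE" in xml_bytes:
        raise ValueError("DTD not permitted in a SAML response")
    doc = minidom.parseString(xml_bytes)
    findings = []

    def walk(elem, parent_path):
        path = f"{parent_path}/{elem.tagName}"
        children = elem.childNodes
        if any(c.nodeType == Node.COMMENT_NODE for c in children):
            texts = [c.data for c in children if c.nodeType == Node.TEXT_NODE]
            findings.append({
                "path": path,
                # What code sees if it reads only the first text child.
                "first_text_node": texts[0] if texts else "",
                # What code sees if it concatenates every text child.
                "full_text": "".join(texts),
            })
        for c in children:
            if c.nodeType == Node.ELEMENT_NODE:
                walk(c, path)

    walk(doc.documentElement, "")
    return findings


def accept_for_processing(xml_bytes):
    """Policy gate: pass only responses with no comments inside any element."""
    return not comment_findings(xml_bytes)


if __name__ == "__main__":
    for name, sample in (("with comment", WITH_COMMENT), ("clean", CLEAN)):
        print(name, accept_for_processing(sample), comment_findings(sample))
```
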

Impact:   A remote user can bypass SAML authentication on the target system.
Solution:   No solution was available at the time of this entry.

The vendor advisory is available at:

https://www.symantec.com/security-center/network-protection-security-advisories/SA167

Vendor URL:  www.symantec.com/security-center/network-protection-security-advisories/SA167
Cause:   Authentication error

Message History:   None.

