Summary
XSS vulnerability in webauth
Impact
An attacker may steal sensitive information or session credentials from firewall users.
Solution
New builds of Junos OS software are available from Juniper. As a workaround, use Pass-Through Authentication instead of Web Authentication for firewall user authentication.
Insight
A reflected cross-site scripting (XSS) vulnerability in SRX Web Authentication (webauth) may allow an attacker to steal sensitive information or session credentials from firewall users. This issue affects the device only when Web Authentication is used for firewall user authentication.
Affected
Junos OS 11.4, 12.1X44, 12.1X45, 12.1X46
Detection
Check the OS build.
References
Updated on 2015-03-25
Severity
Classification
CVE: CVE-2014-3821
CVSS Base Score: 4.3
AV:N/AC:M/Au:N/C:N/I:P/A:N