Check Point Connectra R62 Login Script Injection Vulnerability
scip AG Vulnerability ID 4020 (09/04/2009) http://www.scip.ch/?vuldb.4020
Stefan Friedli at scip AG (Switzerland) found an input validation error in the current release that enables an attacker to perform various web-based attacks.
The initial logon script at /Login/Login, which unauthenticated users use to log in, fails to properly validate the data submitted via HTTP POST. While certain fields are escaped before being sent back to the user's browser, the parameter "vpid_prefix" lacks any validation and is therefore vulnerable to script injection.
Other parts of the application might be affected too.
This vulnerability has been tested on version R62; other versions might be affected as well.
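The flaw pattern described above (some reflected POST fields encoded, "vpid_prefix" echoed raw), shown beside its corrected form with a regression check that reports which fields break out of their HTML attribute. This is an added example, not Check Point's code or part of the original advisory. The form markup, the "userName" field, the probe value and all function names are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Constructed probe: HTML metacharacters plus an inert, easily recognised tag.
PROBE = '"><i id=probe>'
# Constructed POST body; "userName" is a hypothetical field, "vpid_prefix" is from the advisory.
SAMPLE_POST = {"userName": PROBE, "vpid_prefix": PROBE}


def render_login_weak(form):
    """Mirrors the described flaw: one field escaped, vpid_prefix reflected as-is."""
    user = html.escape(form.get("userName", ""), quote=True)
    prefix = form.get("vpid_prefix", "")  # missing output encoding
    return ('<form method="post" action="/Login/Login">'
            f'<input name="userName" value="{user}">'
            f'<input type="hidden" name="vpid_prefix" value="{prefix}">'
            '</form>')


def render_login_fixed(form):
    """Every reflected value is encoded for the HTML attribute context."""
    safe = {k: html.escape(form.get(k, ""), quote=True)
            for k in ("userName", "vpid_prefix")}
    return ('<form method="post" action="/Login/Login">'
            f'<input name="userName" value="{safe["userName"]}">'
            f'<input type="hidden" name="vpid_prefix" value="{safe["vpid_prefix"]}">'
            '</form>')


class _TagCollector(HTMLParser):
    """Records every start tag the HTML parser recognises in a response."""
    def __init__(self):
        super().__init__()
        self.seen = []

    def handle_starttag(self, tag, attrs):
        self.seen.append((tag, dict(attrs)))


def unescaped_fields(render, form):
    """Return the POST fields whose probe value was parsed as markup, one field at a time."""
    leaked = []
    for name in form:
        single = {k: (PROBE if k == name else "") for k in form}
        parser = _TagCollector()
        parser.feed(render(single))
        if any(t == "i" and a.get("id") == "probe" for t, a in parser.seen):
            leaked.append(name)
    return leaked
```

Running `unescaped_fields` against every handler that reflects request data covers the advisory's remark that other parts of the application might be affected too.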
Advisory:
Check Point Connectra R62 Login Script Injection Vulnerability
Secunia:
Check Point Connectra vpid_prefix Cross-Site Scripting
Securityfocus:
Check Point Connectra '/Login/Login' Arbitrary Script Injection Vulnerability
VUPEN:
Check Point Connectra vpid_prefix Cross Site Scripting Vulnerability
UPDATE:
Other versions are affected too. See Check Point's official response for details.