Severity: High
17 November, 2008
Summary:
- This vulnerability affects: Firebox X Edge 10.2.3 (and earlier versions)
- How an attacker exploits it: By entering a specially crafted username into the authentication page, or by manually visiting a specific URL
- Impact: A remote attacker can authenticate to your Edge without valid login credentials, in some cases gaining VPN access to your network
- What to do: Install 10.2.4 immediately
Exposure:
In order for you to verify that your users really are who they claim to be, the Firebox X Edge supports various types of user authentication. With user authentication configured, you can create URL filtering or VPN policies that permit or deny data traffic based on who someone is, rather than based on the IP address they come from. You also utilize user authentication when setting up mobile VPN access to your network. The Edge provides a secure HTTPS web page that allows your users to authenticate to your Edge.