
Malicious URL Redirection for Symantec Web Email Protection for Symantec Encryption Management Server


Article ID: 150170


Updated On:

Products

Encryption Management Server

Issue/Introduction

 

Resolution

There have been reports that a Symantec Web Email Protection user could be redirected to a malicious site by modifying the HTTP headers of the session. For example, after an attacker has gained control of or access to the user's system (browser, device, etc.), a user who clicks on a link to Symantec Web Email Protection for keys.domain.dom could then be redirected to a site of the attacker's choosing, exposing the user to the attacker's website, which could be used to obtain further data from the user.

Symantec Development and Security Teams have reviewed this report. To exploit this, the attacker must already have a level of control of or access to the user's system (browser, device, etc.) that would allow controlling the session before HTTPS. With this level of control or access, the attacker could carry out many other malicious attacks outside the control of Symantec Web Email Protection. The HTTPS session for Symantec Web Email Protection is fully secured such that the headers are then encrypted and cannot be redirected, making this threat extremely low.

Etrack: 3838822