Malicious URL Redirection for Symantec Web Email Protection for Symantec Encryption Management Server
Article ID: 150170
Encryption Management Server
There have been reports that a Symantec Web Email Protection user could be redirected to a malicious site by modifying the HTTP headers of the session. For example, a user could click on a link to Symantec Web Email Protection for keys.domain.dom and, after the attacker has gained control/access to the user's system (browser, device, etc.), could then be redirected to a site of the attacker's choosing, exposing the user to the attacker's website, which could be used to obtain further data from the user.
Symantec Development and Security Teams have reviewed this report. To exploit this, the attacker must already have a level of control/access to the user's system (browser, device, etc.) that would allow controlling the session before HTTPS. With this level of control/access, the attacker could carry out many other malicious attacks outside of the control of Symantec Web Email Protection. The HTTPS session for Symantec Web Email Protection is fully secured such that the headers are then encrypted and cannot be redirected, making this threat extremely low.