CSRF vulnerability on Web Agent Option Pack from Pen test

Article ID: 233887

Products

  CA Single Sign On Agents (SiteMinder)
  CA Single Sign On Federation (SiteMinder)
  SITEMINDER

Issue/Introduction

When running a Web Agent Option Pack or CA Access Gateway (SPS), a
penetration test found a CSRF vulnerability that leads to a DoS attack
against the following endpoints:

  /affwebservices/public/saml2slo
  /myApp/logout  (the SLO URL)

Resolution

At first glance, the referenced documentation describes how to prevent
CSRF vulnerabilities (1). However, the appropriate fix depends on the
component you're running and on the details of the attack identified,
because "CSRF" is a generic term (1)(2).
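The generic CSRF defence for a logout URL such as `/myApp/logout` is to accept only a POST that comes from the application's own origin and carries a session-bound anti-CSRF token, so that a third-party page cannot silently end a user's session. The following is an added illustration of that check, not SiteMinder or Web Agent Option Pack code; the function names, the `ALLOWED_ORIGINS` value and the `csrf_token` form field are assumptions. Note that the same origin check cannot be applied as-is to the federation SLO endpoint, because a SAML LogoutRequest legitimately arrives cross-site from the identity provider; that endpoint is protected by verifying the signed SAML message instead.

```python
import hmac
import secrets
from typing import Optional, Tuple
from urllib.parse import urlsplit

# Origins allowed to initiate a logout of this application (assumed value).
ALLOWED_ORIGINS = {"https://myapp.example.com"}


def issue_logout_token() -> str:
    """Mint a per-session anti-CSRF token; the server stores it in the session
    and embeds it in the logout form it renders."""
    return secrets.token_urlsafe(32)


def _request_origin(headers: dict) -> Optional[str]:
    """Return scheme://host of the request's Origin header, falling back to the
    Referer header, or None when neither is present."""
    origin = headers.get("Origin")
    if origin:
        return origin.rstrip("/")
    referer = headers.get("Referer")
    if referer:
        parts = urlsplit(referer)
        if parts.scheme and parts.netloc:
            return f"{parts.scheme}://{parts.netloc}"
    return None


def logout_request_allowed(method: str, headers: dict, form: dict,
                           session_token: Optional[str]) -> Tuple[bool, str]:
    """Decide whether a request to the application's logout URL may end the
    session. Returns (allowed, reason) so the caller can log the rejection."""
    # A logout changes state, so it must not be triggerable by a bare GET
    # (an <img src=...> on any page would otherwise be enough).
    if method.upper() != "POST":
        return False, "logout must be a POST"
    origin = _request_origin(headers)
    if origin is None:
        return False, "missing Origin/Referer header"
    if origin not in ALLOWED_ORIGINS:
        return False, f"cross-site origin {origin}"
    # Constant-time comparison of the submitted token with the session's token.
    submitted = form.get("csrf_token", "")
    if not session_token or not hmac.compare_digest(submitted, session_token):
        return False, "anti-CSRF token mismatch"
    return True, "ok"


if __name__ == "__main__":
    # Constructed sample requests: one from the application's own page and one
    # forged from a third-party site.
    token = issue_logout_token()
    print(logout_request_allowed("POST", {"Origin": "https://myapp.example.com"},
                                 {"csrf_token": token}, token))
    print(logout_request_allowed("POST", {"Origin": "https://attacker.example.net"},
                                 {"csrf_token": token}, token))
```

Rejected requests should be logged with the returned reason: a burst of "cross-site origin" or "token mismatch" rejections on the logout URL is the detection signal for the session-termination DoS described above.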

Additional Information

(1)

    Help Prevent Attacks
    https://techdocs.broadcom.com/us/en/symantec-security-software/identity-security/siteminder/12-8/configuring/web-agent-configuration/user-protection/help-prevent-attacks.html

(2)

    Open redirect vulnerability affwebservices Web Agent Option Pack
    https://knowledge.broadcom.com/external/article?articleId=191744