W2E_SSNID session fixation attack vulnerability
search cancel

W2E_SSNID session fixation attack vulnerability

book

Article ID: 251600

calendar_today

Updated On:

Products

CA 2E

Issue/Introduction

CA 2E 8.7.2 Web Option runtime vulnerable to W2E_SSNID session fixation attack vulnerability

Environment

CA 2E 8.7.2

Web Option

Resolution

Test PTF -  YW87318156.SAVF has been created to fix this vulnerability. Please contact Broadcom Support to obtain this Test PTF.

As part of having this Test PTF in place, you will need to create a new data area YW2ETSTRFA in the Web Option Environment library. The corresponding command is specified in the README document of the Test PTF.   You will need to set this data area value to be the name of the Test PTF library - YW87318156.

When the HTTP CGI job is started, the library (whose name is contained within the YW2ETSTRFA data area) will be added to the CGI job library list at runtime. This way, we do not have to copy any specific objects from the Test PTF library into the Y2WEB shipped product library.

The vulnerability has been resolved when the session id of a web option client session is copied and pasted into the web option client session running on a different machine. When done on the same machine, the vulnerability still exists and is a limitation given the manner in which Web Option works with each session having a 1-1 mapping with an underlying virtual terminal session.

When the session id is copied in the error scenario as mentioned above, we get the following message on screen:

"Invalid SSNID being used in this client session"

"The SSNID being used for this client session does not match with the metadata stored on the Web Option server side. Close this window and login into a new Web Option client session."

Additional Information

Please follow the below instructions to ensure the messages are merged correctly.

1) Upload the attached SAVF - YM87318156.SAVF to QGPL using FTP.

2) Restore the library YM87318156 from the uploaded SAVF
    RSTLIB SAVLIB(YM87318156) DEV(*SAVF) SAVF(QGPL/YM87318156)

3) Take a backup of the existing message file in the Test PTF library - YW87318156/YW2EMSG
    RNMOBJ OBJ(YW87318156/YW2EMSG) OBJTYPE(*MSGF) NEWOBJ(YW2EMSGBK)

4) Copy YW2EMSG from YM87318156 to YW87318156,
    CRTDUPOBJ OBJ(YW2EMSG)    
          FROMLIB(YM87318156) OBJTYPE(*MSGF) TOLIB(YW87318156)

         
5) Merge the message IDs using the following command
    MRGMSGF FROMMSGF(YW87318156/YW2EMSG)
        TOMSGF(<merged-web-option-product-library>/YW2EMSG)
        SELECT(W2A0022 W2A0023 W2A0024 W2A0025 W2A0026
                   W2A9013 W2A9014 W2A9015 W2E7003 W2T0069)

6) End the Web Option server and related HTTP server. Restart both servers.

After this, when we try to replicate the snooping, we should see the modified error message being displayed on the browser.