Cisco Adaptive Security Appliance 8.x - Web VPN FTP or CIFS Authentication Form Phishing

EDB-ID:

33054




Platform:

Hardware

Date:

2009-05-24


source: https://www.securityfocus.com/bid/35475/info

Cisco Adaptive Security Appliance (ASA) is prone to a vulnerability that can aid in phishing attacks.

An attacker can exploit this issue to display a fake login window that's visually similar to the device's login window, which may mislead users.

This issue is tracked by Cisco Bug ID CSCsy80709.

The attacker can exploit this issue to set up phishing attacks. Successful exploits could aid in further attacks.

Versions prior to ASA 8.0.4.34 and 8.1.2.25 are vulnerable.


The following example is available:

/+CSCOE+/files/browse.html?code=init&path=ftp%3A%2F%2F7367632e726b6e7a6379722e70627a