Info

Disclosure

Aug 10, 2004

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Symantec Clientless VPN Gateway contains a flaw that may allow an attacker to change the single signon credentials of arbitrary users through the end user UI. No further details have been provided.

Classification

Location: Location Unknown
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Unknown
Disclosure: OSVDB Verified
OSVDB: Security Software

Solution

Currently, there are no known workarounds or upgrades to correct this issue. However, Symantec Corporation has released a hotfix v.SCVG5-20040806-00 to address this vulnerability.

Products

Symantec Corporation

Clientless VPN Gateway Model 4400 Series

5.0

References

Secunia Advisory ID: 12254
CVE ID: 2004-1483 (see also: NVD)
Related OSVDB ID: 8507 8508 8509 8511 8512
Other Advisory URL: ftp://ftp.symantec.com/public/english_us_canada/products/sym_clientless_vpn/sym_clientless_vpn_5/updates/hf3-readme.txt
Vendor URL: http://www.symantec.com/

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/8510