Top

Core Security Technologies Discovers XSS Vulnerability in Cisco Security Tools

February 2, 2010 by · Comments Off on Core Security Technologies Discovers XSS Vulnerability in Cisco Security Tools 

Web Hosting ToolsBOSTON РCore Security Technologies, provider of the CORE IMPACT family of comprehensive enterprise security testing solutions, today issued an advisory disclosing a vulnerability that could affect large numbers of organizations using Cisco’s Secure Desktop security package and leave users of the product open to potential Cross-Site Scripting (XSS) attacks.

A security consultant working in CoreLabs, the research arm of Core Security Technologies, found that affected versions of Cisco Secure Desktop mishandle some browser requests therein making end users vulnerable to targeted online attacks that seek to exploit the XSS vulnerability that is created by the malfunction. Cross-Site scripting threats can be used to do everything from stealing IT systems log-in credentials to tricking people into visiting fraudulent phishing and malware-distribution sites. Read more

Bottom