Reminded me of a bug I found in an EAL4 certified military encryption product.
The source code actually says "FIXME - need to add parameter validation." So instead of spending a few minutes adding input sanitisation, the developers just added a reminder that none exists and shipped the product as-is. One of those face slap moments. -Patrick On Wed, May 1, 2013 at 8:36 PM, Thierry Zoller <[email protected]> wrote: > > > You got to be kidding me... > > >> FORTICLIENT VPN CLIENT CREDENTIAL INTERCEPTION VULNERABILITY > > >> When the FortiClient VPN client is tricked into connecting to a proxy >> server rather than to the original firewall (e.g. through ARP or DNS >> spoofing,) it detects the wrong SSL certificate but it only warns the >> user _AFTER_ it has already sent the password to the proxy. >> > > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
