Vulnerabilities in several clientless SSL VPN products have been reported. Gathering authentication cookies etc. is reportedly possible. At time of writing US-CERT's advisory lists the status of about 90 vendors.
US-CERT Vulnerability Note VU#261869: http://www.kb.cert.org/vuls/id/261869 It appears that severity metric is remarkable high: 45,00. Juha-Matti _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
