Symantec GeoTrust Security Center Blind XSS

1376

05 March 2020

31 August 2016

CLOSED

MEDIUM

6.9

SUMMARY

 

Symantec has addressed an issue found in the GeoTrust Security Center Management portal used for issuing digital SSL/TLS certificates. The portal was vulnerable to a blind cross-site scripting (XSS) attack due to a failure to properly sanitize user-supplied input. This could potentially allow an attacker to gain unauthorized access to information and management tools available through the GeoTrust Security Center portal.

AFFECTED PRODUCTS

 

PRODUCT: Symantec GeoTrust Security Center

SOLUTION: Product is already updated (hosted solution). No manual update or patching is required.

ISSUES

 

Symantec GeoTrust Security Center Management Console Blind Cross-Site Scripting Vulnerability

 

BID: N/A

Severity: Medium (CVSSv3: 6.9) - AV:N/AC:H/PR:N/UI:R/S:C/C:L/I:H/A:N

Impact: Blind Cross Site Scripting

Exploitation: None

Date patched: August, 2016

 

The Symantec GeoTrust Security Center Management Console is vulnerable to a Blind XSS issue. XSS issues may arise when user input and server output are insufficiently validated and sanitized.

 

During the initial registration on Security Center, the malicious user supplies specifically-formatted input to one of the required user-input fields. Following registration, this payload is stored in the backend systems and remains dormant until an internal user accesses a user-action page on the internal Security Center site and, unknown to them, triggers the specifically-formatted script. Unlike in normal blind XSS attacks, an attacker taking advantage of this vulnerability may be able to control, to some extent, the target output location for the payload script. Therefore, an attacker with sufficient knowledge of the site may be able to use this vulnerability to gain access to areas which they are not normally permitted to access.
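The stored-then-rendered flow described above, as an added example that is not Symantec's code: a registration value is written into an internal review page once without encoding and once with HTML encoding applied at the output sink. The record fields, the page template and the sample values are hypothetical and constructed for illustration.

```python
import html
import re

# Constructed sample records; field names are hypothetical, not the portal's.
REGISTRATIONS = [
    {"id": 1, "company": "Example Ltd", "contact": "alice@example.test"},
    {"id": 2, "company": '<script>alert("marker")</script>', "contact": "bob@example.test"},
    {"id": 3, "company": "A & B", "contact": '"><img src=x onerror=alert(1)>'},
]

def render_review_page_unsafe(rows):
    """'Before': stored values are concatenated into the internal page as-is."""
    cells = "".join(
        f'<tr><td>{r["company"]}</td><td title="{r["contact"]}">{r["contact"]}</td></tr>'
        for r in rows
    )
    return f"<table>{cells}</table>"

def render_review_page_safe(rows):
    """'After': every stored value is HTML-encoded where it is written out.
    quote=True also encodes quotes, so attribute values stay inside the attribute."""
    def e(value):
        return html.escape(str(value), quote=True)
    cells = "".join(
        f'<tr><td>{e(r["company"])}</td><td title="{e(r["contact"])}">{e(r["contact"])}</td></tr>'
        for r in rows
    )
    return f"<table>{cells}</table>"

def unexpected_tags(page):
    """Demo check: names of tags in the page that the template itself never emits."""
    template_tags = {"table", "tr", "td"}
    found = re.findall(r"<\s*/?\s*([a-zA-Z][a-zA-Z0-9]*)", page)
    return sorted({t.lower() for t in found} - template_tags)

if __name__ == "__main__":
    print("unsafe:", unexpected_tags(render_review_page_unsafe(REGISTRATIONS)))
    print("safe:  ", unexpected_tags(render_review_page_safe(REGISTRATIONS)))
```

Encoding at the sink covers every page that later displays the stored value, including internal pages the submitter never sees, which input filtering at registration alone does not guarantee.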

 

MITIGATION

 

Symantec engineers verified and resolved this issue, performing additional extensive testing of all site content. No customer upgrade is required.

 

Symantec is not aware of exploitation of or adverse impact from this finding.

ACKNOWLEDGEMENTS

 

  • Matthew Bryant (aka Mandatory)