Ingate Firewall and SIParator XSS vulnerability
Per Cederqvist
ceder@ingate.com
Mon, 12 Sep 2005 12:32:06 +0200
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Product: Ingate Firewall and Ingate SIParator
Versions: 4.2.0 and newer
Tracking ID: 2174
Summary
=======
A cross-site scripting (XSS) vulnerability has been found in our Ingate
Systems Firewall and SIParator products.

The security cookie used for accessing the web interface of the
product may be stolen and used for logging in to the product from a
host or network configured to be accepted for configuration.

The attack requires knowledge of the IP address of the Ingate
product in use. The administrator must be tricked into following a link
on a malicious web site using the same client and browser he or she uses
for accessing the Ingate product. This may enable the malicious site
to steal the cookie without the administrator noticing.

The timing of the theft is critical, since the security token has a
limited lifetime of 10 minutes. The administrator must follow a link
on the malicious site within 10 minutes after accessing the Ingate
product, or the attack will fail.
Workaround
==========
To minimize the risk of this happening, Ingate recommends that the
access control setup in the Ingate product be kept as tight as possible.
Only internal networks, trusted VPN tunnels or specific IP addresses
should be allowed to configure the Ingate product. Additionally, it is
important to always log out before accessing other sites.
Solution
========
This issue will be fixed in an upcoming release.
Thanks
======
We would like to thank Jonas Stare at Dreampark AB who found and
reported this issue to us.

Further questions regarding this issue can be directed to
support@ingate.com.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 and Gnu Privacy Guard <http://www.gnupg.org/>
iD8DBQFDJVjETl5zjNKUYI4RAuujAJ9TjvezO+DNveEbt+iM/UM2sQWUSgCfclK+
+zklli4Zk9PmW3TfJIan0PM=
=+SfV
-----END PGP SIGNATURE-----
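
Added example, not part of the advisory and not Ingate code: a small Python model of the two conditions the Summary gives for a copied cookie to be usable (token younger than 10 minutes, client inside a network allowed to configure), plus an audit of the allowed-source list against the Workaround. The function names, the sample address lists and the reading of "internal networks" as RFC 1918 space are assumptions.

```python
import ipaddress

TOKEN_LIFETIME_S = 600  # 10-minute token lifetime stated in the advisory

# Assumption: "internal networks" means RFC 1918 address space.
INTERNAL = [ipaddress.ip_network(n) for n in
            ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_sources(entries):
    """Parse allowed configuration sources given as hosts or CIDR networks."""
    return [ipaddress.ip_network(e, strict=False) for e in entries]


def audit_sources(entries):
    """Return the entries that are broader than the workaround recommends.

    An entry passes if it is a single address or lies inside INTERNAL.
    """
    findings = []
    for net in parse_sources(entries):
        single_host = net.num_addresses == 1
        internal = any(net.version == i.version and net.subnet_of(i)
                       for i in INTERNAL)
        if not (single_host or internal):
            findings.append(str(net))
    return findings


def replay_accepted(issued_at, now, client_ip, entries):
    """Model whether a copied cookie would still be honoured.

    Both conditions from the advisory must hold: the token is younger than
    its lifetime, and the client is in a network allowed to configure.
    """
    fresh = 0 <= now - issued_at < TOKEN_LIFETIME_S
    addr = ipaddress.ip_address(client_ip)
    allowed = any(addr in net for net in parse_sources(entries))
    return fresh and allowed


# Constructed sample configurations; addresses are private or documentation ranges.
LOOSE = ["0.0.0.0/0", "10.0.5.0/24"]
TIGHT = ["10.0.5.0/24", "192.0.2.10"]

if __name__ == "__main__":
    for name, cfg in (("loose", LOOSE), ("tight", TIGHT)):
        print(name, "audit findings:", audit_sources(cfg))
        print(name, "replay from 203.0.113.7 after 5 min:",
              replay_accepted(0, 300, "203.0.113.7", cfg))
```

With the tight list, a copied token is still honoured from inside 10.0.5.0/24 until it expires, which is why the advisory also recommends logging out before visiting other sites.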