Monday, February 10, 2014

Junos Webauth Reflected XSS

I discovered a reflected xss in junos srx webauth



/webauth/webauth_login.php?target=&auth_id=&ap_name=">[HTML] , for example


update

this issue seems to be reported previously but it's not yet fixed. The reply from juniper when informing them about this issue:

"

Hi Thomas,

Thank you for contacting the Juniper SIRT.

This cross site scripting vulnerability is an issue that we are aware of. We are been working on a fix and are preparing to announce this issue in a future Junos security bundle, once all of the supported releases have been fixed. 

Thank you for bringing this to our attention though, as we do appreciate being notified when security issues are found in our products. 

Thanks,
Juniper SIRT

"