Family: CGI abuses --> Category: infos
SiteMinder HTML Page Injection Vulnerability Vulnerability Scan
Vulnerability Scan Summary
Checks for a flaw in SiteMinder
Detailed Explanation for this Vulnerability Test
The remote host is running Netegrity SiteMinder, an access management solution.
The remote version of this software is vulnerable to a page injection flaw
that may allow an attacker to trick users into sending their usernames
and passwords to the attacker. The attacker sends them a link to the
'smpwservicescgi.exe' program with a rogue TARGET argument value, which
redirects them to an arbitrary website after they authenticate to the remote service.
Solution: Upgrade to the newest version of this software.
Threat Level: Medium