Holes found in SonicWall god box

Powered by SC Magazine
 

Pen tests poke holes in NSA 4500.

Update: SonicWall has patched the flaws.

 Multiple vulnerabilities have been found in SonicWall’s Network Security Appliance (NSA) 4500.

Hugo Vázquez Caramés, chief executive of a Barcelona-based penetration testing firm, said the flaws were found during an ethical hack against a customer’s wireless network.

Caramés reported that MAC spoofing protection contained in the NSA 4500 unified threat management device was incompatible and would fail when used with SonicWall’s SonicPoint wireless access points.

Carames

Penetration testers had conducted ARP spoofing attacks against a customer’s network and found MAC spoofing protection had failed but appeared functional to administrators.

“Customers don't know they are unprotected even if they have the MAC spoofing activated,” Caramés said.

He said SonicWall had confirmed the vulnerability. SonicWall Australia was investigating the disclosure but could not confirm the report by the time of publication.

A vulnerability was also found in the NSA 4500 web administrator interface which would execute malicious JavaScript in a form labelled "Login page content".

Caramés had performed session hijacking against the NSA 4500 using brute force attacks.

He said the device generated weak HTTP session identities which were stored in the sessid cookie variable.

“From a LAN, 10 percent of all IDs can be brute forced in one day. The more administrators are logged in, the more dangerous is the scenario, and easier is the brute force attack.”

He posted the brute force attack used to hijack sessions.

GET /log.wri HTTP/1.0

 

Host: 123.123.123.123

 

Connection: close

 

User-Agent: brute-forcing

 

Cookie: SessId=111111111

SessId equals the variable which changes in each request. Host is the SonicWall IP address. A 200 HTTP response and SonicWall logs will appear if the attack was successful.

Update: SonicWall has said the "medium severity" vulnerabilities (SonicOS Management SessionID Brute Force Vulnerability and Preview of Custom Web Page Vulnerability) have been patched.

The fixes are availabe on its support website.

Copyright © SC Magazine, Australia


Holes found in SonicWall god box
 
 
 
Top Stories
Meet FABACUS, Westpac's first computer
GE225 operators celebrate gold anniversary.
 
NSW Govt gets ready to throw out the floppy disks
[Opinion] Dominic Perrottet says its time for government to catch up.
 
iiNet facing new copyright battle with Hollywood
Fighting to protect customer details.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
In which area is your IT shop hiring the most staff?




   |   View results
IT security and risk
  25%
 
Sourcing and strategy
  12%
 
IT infrastructure (servers, storage, networking)
  22%
 
End user computing (desktops, mobiles, apps)
  15%
 
Software development
  26%
TOTAL VOTES: 329

Vote
Would your InfoSec team be prepared to share threat data with the Australian Government?

   |   View results
Yes
  57%
 
No
  43%
TOTAL VOTES: 136

Vote