Title: Novell BorderManager User Impersonation Vulnerability
Severity: MODERATE
Description:
Novell BorderManager implements an application called ClientTrust to handle login procedures. ClientTrust listens on port 3024 of the user's machine for authentication requests from BorderManager whenever the user attempts to access the web. This mechanism makes it feasible for an unauthenticated user to masquerade as an authorized user due to the fact that it does not verify the origin of the access request.
This may be accomplished through port redirection on port 3024. First, an attacker would need to pick a machine in use by the person they want to impersonate (the target). Second, they set up port forwarding on their own system, so that any requests made to port 3024 are forwarded to the target's machine. Then, they make their request. THe BorderManager server queries the attacker's machine. The attacker forwards the query to the target, which responds with the correct information. The BorderManager server then allows the request.
This can lead to two seperate risks: Unauthorized content access, and character attacks by accessing questionable websites using the target's credentials.
The correct IP address of the attacker's machine will be logged.
Affected Products:
- Novell BorderManager 3.0.0
- Novell BorderManager 3.5.0
References:
- Novell: BorderManager Product Homepage
Juniper Networks provides this content via a wide variety of sources and production methods. If notified of errors or omissions in the content of this page, Juniper Networks, at its discretion, will modify or remove the page or leave the content as is, depending on various factors including but not limited to the reputation and authority of the party providing the notification. Please use the contact information displayed elsewhere on this page to report any errors or omissions regarding the content on this page.
