Thread: PacketFence NAC update closes XSS holes
View Single Post
  #1   (View Single Post)  
Old 25th October 2011
J65nko J65nko is offline
Administrator
  
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,131
Default PacketFence NAC update closes XSS holes
From http://h-online.com/-1366236

Quote:
Version 3.0.2 – a maintenance and security update – of the PacketFence open source network access control (NAC) system has been released. According to the Inverse development team, the update addresses two vulnerabilities in the captive portal and administrative interface that could have been exploited by an attacker to conduct cross-site scripting (XSS) attacks. Versions prior to 3.0.2 are affected; all users are advised to update to the new version.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
Reply With Quote