Channel: Forcepoint Community

WCG URL used for F5 health monitoring provides sensitive version information


This system information can be used by a hacker to monitor the impact of a DoS attack.
RFE: limit access to this interface

V10K G2 appliance, running 7.7.3

Internal reference: L03

< picture available>


No HttpOnly flag set on the WS_SESSION cookie upon Triton login (version 7.7.3 Windows)



Logging into the Triton management interface (W2k8-R2, with Websense 7.7.3) sets a WS_SESSION cookie.
This cookie is not protected by an HttpOnly flag, thereby raising the impact of a possible XSS vulnerability.

RFE: Set the HttpOnly flag on the session cookie.
Internal reference: M09

Security flaw: passwords are readable in HTML presentation of the source code of Triton (7.7.3) interface



From the GUI one can read the passwords; this presents a leakage of very sensitive information.

The picture below shows the credentials used for downloading the Websense database.

RFE: Passwords should not be readable from the GUI; please change this behavior.
Internal reference: M10

<< picture available >>

The WCG 7.7.3 mgmt interface is not protected by a CSRF token


The interface is not protected by a CSRF token, making it vulnerable to malicious actions such as rebooting the appliances via this interface. This attack could be set up by a concealed iframe pointing to code loaded from a remote hostile server.

Below an illustration:

<< picture available >>

Internal reference : M11

Investigative report on keyword?


How would I create a custom investigative report which searches "full URLs" for a string? It would be for a specified date range and return user, source, and destination.

Not able to download software/files from Microsoft sites


Hi

We have Cloud Web Security and users are not able to download software/files from Microsoft sites. Can someone help me out?

WCG supports weak SSL cipher lengths



A hacking audit against a WCG V10KG2 running 7.7.3 revealed weak SSL cipher support (56 bit).
Weak SSL ciphers are easily decrypted and are therefore considered to be a security misconfiguration.

RFE: Please disable support for weak cipher lengths.

Unsafe redirect in the authentication handler of the proxy appliance


The proxy uses an unsafe redirect. One could use a specially crafted URL, encoded in base64, which points to an internal host controlled by a hacker. The hacker could send the following link via email to another internal user.
http://Proxy:8080/auth/?du=[urlinbase64]
To a user reading the email with this link, the URL looks legitimate, with a reference to the proxy and an internal host (however, encoded in base64).
If the user should click on this link, the browser automatically sends the user's credentials. If, as shown below, the hacker runs a program in order to sniff the LTM hashes sent, the hacker is then able to impersonate a valid, trusted user.

V10K G2 appliance, running 7.7.3

Below is proof showing that this type of attack can be successful.
RFE: Please do not make use of this kind of redirection on a URL parameter.
Internal reference: M06
< picture available >
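
One way to validate the target carried in the du parameter before redirecting, or to triage such links found in mail or proxy logs. This is an added example, not Websense code and not part of the original post; it assumes du holds a base64-encoded absolute URL, and the allow-list hosts, sample addresses and function names are constructed.

```python
import base64
from urllib.parse import urlsplit, parse_qs

# Assumption: hosts the auth handler may legitimately return a browser to.
ALLOWED_HOSTS = {"intranet.example.com", "portal.example.com"}


def decode_du(link):
    """Return the URL carried in the du parameter, or None if absent/undecodable."""
    values = parse_qs(urlsplit(link).query).get("du")
    if not values:
        return None
    # parse_qs turns '+' into a space; also accept the URL-safe alphabet.
    raw = values[0].replace(" ", "+").replace("-", "+").replace("_", "/")
    raw += "=" * (-len(raw) % 4)  # restore padding that may have been stripped
    try:
        return base64.b64decode(raw, validate=True).decode("utf-8")
    except ValueError:  # binascii.Error and UnicodeDecodeError both derive from it
        return None


def check_redirect(link, allowed_hosts=ALLOWED_HOSTS):
    """Return ("allow" | "reject", decoded_target) for one /auth/?du= link."""
    target = decode_du(link)
    if target is None:
        return ("reject", None)
    try:
        parts = urlsplit(target)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed authority, e.g. unbalanced IPv6 brackets
        return ("reject", target)
    if parts.scheme not in ("http", "https") or host not in allowed_hosts:
        return ("reject", target)
    return ("allow", target)


def make_link(target):
    """Build a constructed sample link in the format quoted in the post."""
    return "http://Proxy:8080/auth/?du=" + base64.b64encode(target.encode()).decode()


if __name__ == "__main__":
    for sample in ("http://intranet.example.com/home",         # expected destination
                   "http://10.0.0.66/share",                   # host not on the list
                   "http://intranet.example.com@10.0.0.66/"):  # userinfo, not host
        print(check_redirect(make_link(sample)))
```

The comparison uses the parsed hostname rather than a substring match, so a trusted name placed in the userinfo part of the URL does not pass.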


Apache daemon vulnerable in Triton 7.7.3


The Triton management interface (7.7.3 on Windows 2008 R2) runs a vulnerable Apache daemon, in which, for example, the HttpOnly cookie can be read by JavaScript through an error in the "400 BAD REQUEST" message.
Used in combination with XSS, the security provided by the HttpOnly cookie can be circumvented, possibly leading to misuse of the cookie.

<<picture available>>

RFE: Please use a newer version of Apache for Triton (at least 2.2.22 or higher).
Internal reference: M05

Allow modification of prompt for IWA


The default prompt for Integrated Windows Authentication is the FQDN of proxy\username, and this causes confusion for guest users using non-domain computers because this default prompt will not work even if the correct password is entered.

To successfully log in they must modify the prompt.

By default the prompt is sent as: proxy1.example.com\username

The user must then know to change it to example\username

The customer would like to have the ability to change the prompt so all the user has to do is enter the password.

Custom block pages problem


Tell me, is it possible to have new custom html pages made up to show:

1.  A red-background coloured blocked page for genuinely blocked pages, with no further "Continue button" clicking

2.  A separate amber coloured background warning page for categories that are only set to warn the viewer before they hit the Continue button

I do NOT want to use the canned master.html, blockFrame.html, continueFrame.html, moreInfo.html pages with the iframe below the main block page because if you say "blocked" that confuses a lot of people when they can proceed to the Continue button and go directly to the page requested.  They just don't see it because the screen is red and they think they've done something wrong.

I only want the user to hit a blocked page for blocked categories and to hit a warning page for warning sites.  That's it.  It should be simple.  I'm not a novice, I'm a pretty knowledgeable computer guy, and if I can't figure this out, I wonder about those who don't have the knowledge to understand it.

Where can I define which page the system calls when a blocked event is triggered?

I'm pulling my hair out with this and it's been on the back burner because we haven't had time to sit with it.  Now that it's coming forward again, I need to finish this up and then I can die happy.

Thanks for your help,

Dan

Websense subscriptions.


Maybe you have been asked this question a million times, but I searched for the past hour and didn't find a solution.

I have connected my Web Security 7.7.3 through Juniper firewall SSG 140; now Websense is monitoring all the IPs in the network, thus it is giving subscriptions.exceeded.

Is there a way that I can let Websense monitor only the 65 PCs I have?

I have a 75-user subscription and my DHCP server is covering IPs from XXX.XXX.XXX.50 - XXX.XXX.XXX.200

and I have even fewer than 75 users.

I need help letting Web Security know that I have only this set of IPs to monitor.

Endpoint Service "Websense SaaS Service" does not start


Hi,

On 4 PCs (Win/64-bit) I have had the problem that after some days the endpoint service "Websense SaaS Service" was not starting anymore. The only resolution was to uninstall and install the Endpoint service again. Does anybody know this issue?

Endpoint Version: 1.2.7.6.1138

thanks

Policy Server Service won't start


Hi 

We are unable to start the policy server service. This is the error in the log file:

2013-07-12 15:43:34 WARN [8016, 10720] wbsn.PolicyBroker.AsyncWorkspaceCreatorImpl.Job - Failed to create a new workspace after 1 tries. (src/AsyncWorkspaceCreatorImpl.cpp:138)

2013-07-12 15:53:34 ERROR [8016, 11404] wbsn.PolicyBroker.PolicyDB.RemoteAdapter.PolicyBrokerWrapper - SoapSend WantRead timeout (src/PolicyBrokerWrapper.cpp:228)

2013-07-12 15:53:34 WARN [8016, 11404] wbsn.PolicyBroker.PolicyDB.RemoteAdapter.PolicyBrokerWrapper - wbsn::PolicyBroker::PolicyDB::CommException: NetworkError

 (src/PolicyBrokerWrapper.cpp:285)

2013-07-12 15:53:34 WARN [8016, 11404] wbsn.PolicyBroker.AsyncWorkspaceCreatorImpl.Job - wbsn::PolicyBroker::PolicyDB::CommException: ClientProblem

    caused by: wbsn::PolicyBroker::Common::SoapError: SOAP_EOF: Unexpected end of file, no input, or timeout while receiving data

 (src/AsyncWorkspaceCreatorImpl.cpp:124)

2013-07-12 15:53:34 WARN [8016, 11404] wbsn.PolicyBroker.AsyncWorkspaceCreatorImpl.Job - Failed to create a new workspace after 1 tries. (src/AsyncWorkspaceCreatorImpl.cpp:138)

We are running version 7.5 on Windows 2003 SP2. Any ideas?
All components are running on the same server and we are using MS ISA 2006 to proxy.
Thanks
Andy

Categorization of websites differ in V6.3 & V7


"Exact Match" Fingerprint for Database Fingerprinting


Hello Guys,

When we work with File Fingerprinting we have the option to configure an "Exact Match" or "Content Similarity" fingerprinting task.

We don't have this option for Database Fingerprinting, and I would like to suggest this feature for the next releases.

Use case: as an example, we have some customer contact information that we want to monitor. This information consists of name, email and phone number.

Some false positives are being triggered on transactions involving numbers, and we had to disable that column from fingerprinting.

AOL search ad results are blocked


Hi,

Somehow AOL search advertisement results are being blocked.

Any ideas?

Websense Web Endpoint compatibility with Windows 8


Hi

I recently installed the web endpoint agent v7.7.1631 on my laptop with Windows 8 and I noticed some strange behavior:

With Web Endpoint installed AND inside corporate network

IE > Doesn't have Internet access, only intranet sites

Chrome > Has Internet and intranet access

Firefox > Has Internet and intranet access

With Web Endpoint installed AND public WLAN

IE > Has Internet access

Chrome > Has Internet access

Firefox > Has Internet access

__________

Now, what happens if I uninstall the Web Endpoint and use only the link to the PAC file? (I understand that the web endpoint only forces the PAC configuration on the browsers, am I correct?)

IE > Has Internet access

Chrome > Has Internet access

Firefox > Has Internet access

As per my understanding, I'm having problems with IE when I'm inside my corporate network and the web endpoint is enabled. If I go out to a public network, IE and the web endpoint work fine.

Does anyone have the same problem as me?

Approved organisational browsers for Internet access


I would like to see Websense be able to control which browser types and versions are allowed to access the Internet.  Browsers not meeting an approved list receive a block page.  We are faced with having to support multiple versions of IE within the organisation as an older version of IE is required for an internal application.  The browser may pose a security risk in the future.

I'm sure Windows GPO could assist here and perhaps I'm missing something within Websense itself.  But it's a feature we would like to have.

7.7.3 upgrades


Just wanted to know how your experiences of upgrading to 7.7.3 have been. We are looking at going from 7.7.0 to 7.7.3 and would just like to know if anyone has experienced any pain. Obviously web/mail is a crucial system and I'm just doing some prep work to make sure nothing breaks when I do this.

Cheers
