Cisco Bug: CSCum91723 - YT EDU:Security issue with User signin failure for CX Header Injection

Last Modified

Aug 19, 2016

Products (1)

  • Cisco ASA Next-Generation Firewall Services

Known Affected Releases

100.4(0.0.61)

Description (partial)

Symptom:
Security issue with User signin failure for CX Header Injection

Conditions:
With header injection enabled, users are redirected to the youtube.com/education URL. YouTube EDU does not allow students to sign in; it only allows school administrators and teachers to sign in. If a student tries to sign in, they get a login failure error message and assume that they have not signed in to their Google account. But if gmail.com is opened in another tab, the session is open and the user has access to email. This creates a security risk when multiple students use the same system to access youtube.com/education.
Bug details contain sensitive information and therefore require a Cisco.com account to be viewed.
