Preview Tool

Cisco Bug: CSCum91723 - YT EDU:Security issue with User signin failure for CX Header Injection

Last Modified

Aug 19, 2016

Products (1)

  • Cisco ASA Next-Generation Firewall Services

Known Affected Releases


Description (partial)

Security issue with User signin failure for CX Header Injection

with header injection enabled, users get redirected to URL. youtube edu  doesn't allow users to sign in for students,it only allows school administrator and teachers to signin. If students tries to sign in they get a login failure error message and they think that they have not signed in to google accounts. But in another tab, if we open, the session is opened and users get access to emails. This leaves a security risk when multiple students use the same system for accessing the
Bug details contain sensitive information and therefore require a account to be viewed.

Bug Details Include

  • Full Description (including symptoms, conditions and workarounds)
  • Status
  • Severity
  • Known Fixed Releases
  • Related Community Discussions
  • Number of Related Support Cases
Bug information is viewable for customers and partners who have a service contract. Registered users can view up to 200 bugs per month without a service contract.