Cisco Bug: CSCum91723 - YT EDU:Security issue with User signin failure for CX Header Injection
Aug 19, 2016
- Cisco ASA Next-Generation Firewall Services
Known Affected Releases
Symptom: Security issue with user sign-in failure for CX Header Injection.

Conditions: With header injection enabled, users are redirected to the youtube.com/education URL. YouTube EDU does not allow students to sign in; it only allows school administrators and teachers to sign in. If a student tries to sign in, they get a login failure error message and assume they have not signed in to their Google account. But if gmail.com is opened in another tab, the session is open and the user has access to the emails. This creates a security risk when multiple students use the same system to access youtube.com/education.