2FA VPN Authorization email link is vulnerable to XSS injection

inchica (Freshman Member)
Hello,

We have recently enabled 2 Factor Authentication for VPN Access on a Zywall 110.  We noticed that the Authentication link is vulnerable to XSS injection, as displayed below:

https://Address/2FA-access.cgi?key=%22;%20alert(1)//

We removed the Address, but this is the link that is sent via email.  We have modified the key to show a proof of concept.  

Will there be a fix for this in future firmware updates?

We look forward to your reply.
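The link in the report reflects the `key` query parameter into the page, and the `%22;%20alert(1)//` value shows that a double quote in the parameter breaks out of a JavaScript string. The following is an added illustration, not Zyxel firmware code and not anything posted by the author: a hypothetical renderer that concatenates the raw parameter into a script string next to a hardened version that validates the key against an allowlist and encodes it for the JavaScript-in-HTML context. All function names, the key format and the sample token are assumptions made for the example.

```javascript
// Added example, not the firmware's code. Models a CGI handler that reads
// `key` from the 2FA link and writes it into an inline script.

// Constructed inputs: a plausible opaque token, and the value from the report's link.
const BENIGN_KEY = 'a3f9c2e1d4b8';
const POC_KEY = '"; alert(1)//';

// Hypothetical vulnerable renderer: the raw parameter is concatenated into a
// JavaScript string literal, so a quote in `key` ends the literal early.
function renderVulnerable(key) {
  return '<script>var key = "' + key + '"; submitKey(key);</script>';
}

// Hardened renderer, two layers:
// 1. Allowlist: a one-time authorization key is an opaque token, so only
//    [A-Za-z0-9_-] of a bounded length is accepted (assumed format).
// 2. Context-aware encoding: JSON.stringify yields a valid JS string literal,
//    and '<' plus the U+2028/U+2029 line terminators are escaped so the value
//    can neither close the <script> element nor break the literal.
const KEY_PATTERN = /^[A-Za-z0-9_-]{8,128}$/;

function isValidKey(key) {
  return typeof key === 'string' && KEY_PATTERN.test(key);
}

function toJsStringLiteral(value) {
  return JSON.stringify(value)
    .replace(/</g, '\\u003c')
    .replace(/\u2028/g, '\\u2028')
    .replace(/\u2029/g, '\\u2029');
}

function renderHardened(key) {
  if (!isValidKey(key)) {
    // Reject and never echo the offending value back to the client.
    return { status: 400, body: '<p>Invalid or missing authorization key.</p>' };
  }
  return {
    status: 200,
    body: '<script>var key = ' + toJsStringLiteral(key) + '; submitKey(key);</script>',
  };
}

// Extract `key` from an emailed link the way the CGI would see it (URL-decoded).
function keyFromLink(link) {
  return new URL(link).searchParams.get('key');
}

// Stand-alone demonstration.
const reportedLink = 'https://Address/2FA-access.cgi?key=%22;%20alert(1)//';
const reportedKey = keyFromLink(reportedLink);
console.log('decoded key:', reportedKey);
console.log('vulnerable:', renderVulnerable(reportedKey));
console.log('hardened:', renderHardened(reportedKey));
console.log('hardened, valid key:', renderHardened(BENIGN_KEY));
```

The allowlist alone would already stop the reported value; the encoding step is kept because validation rules tend to loosen over time, while correct encoding for the output context protects every value that reaches the page.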

All Replies

  • Zyxel_Emily (Zyxel Employee)
    We are aware of this issue and will fix it in the next official version.