Description of CVE-2018-0296 error – bypassing authorization in Cisco ASA web interface.

In this text we describe CVE-2018-0296 error concerning Cisco ASA devices, publicized 6th of June by Cisco. Officially, vulnerability was classified as Denial Of Service, although our report concerned a different type of error. More details below. A word of introduction:Cisco ASA device (Adaptive Security Appliance) is very popular and is often a part of …

WebSocket protocol security in practice

The dynamic development of web applications leads to a situation in which, for some time now, there has been a demand for the introduction of asynchronous data exchange between the client and the application server. The commonly used HTTP protocol is stateless, based on the query sent to the server and the answer given – …