i recently got an rv042 and updated to the most recent (v4.0.4.02-tm (Jul 4 2011 13:30:56)) firmware. but the input to the login page isn't sanitized and seems to be a gaping xss vulnerability. if i enter
edit - looks like disabling Unauthorized Login Attempt logging will prevent the username from being written into the log. so that mitigates the danger. but it's enabled by default and that's the kind of thing i like to see in logs. seems like it deserves a fix.
User Experience Enhancements
As part of the Cisco Common User Experience program, we are working towards a more uniform user experience and terminology alignment. This program runs across all Cisco security products.
Early Access introduces a...
This video features a step by step walk through of configuring Cisco AnyConnect on FTD managed by FMC. Timestamps included for certificate installation, Access Control, Licensing, NAT, and Deployment failures.
I am trying to solve a CSR signing issue in a home lab.Can someone clarify this theoretical point? According to Wikipedia: "Before creating a CSR, the applicant first generates a key pair, keeping the private key secret. The...
Threat Response integrates with Cisco's Web Security Appliance (WSA) to provide visibility into web-bourne threats. By adding a Web Security or SMA Web module to Threat Response, investigators will be able to search for domains, URLs, and file hashes th...
I was helping some friends and they were trying to solve a scalable VPN issues, specially these days with the pandemic situation.
I recommended to implement ASA VPN Load-Balancing.
This will allow to keep 1 FQDN for all RA-VPN users an...