Access Manager phishing attack possible through iFrame manipulation on Admin Console iManager login page (CVE-2016-5757)

  • 7017818
  • 05-Jul-2016
  • 29-Aug-2016

Environment

NetIQ Access Manager 4.2
NetIQ Access Manager 4.1
Access Manager Admin Console
iManager
CVE-2016-5757

Situation

The Admin Console iManager login page is built with iFrames, and the URL loaded into one of those frames is taken from a URL parameter, so a crafted request can make the page embed content from a third-party site. An attacker can exploit this for phishing: the victim follows a link to the genuine Admin Console host, but the frame loads an attacker-hosted page that imitates the login.netiq.com login form and submits the entered credentials to the attacker's server instead.
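The pattern behind this class of issue, shown as an added example that is not NetIQ code: a page that takes the iFrame target from a query-string parameter, first in the vulnerable form and then hardened so that only same-origin http(s) targets are accepted. The parameter name "target", the console origin, the default frame path and the attacker host are all assumptions for illustration.

```javascript
// Added example (not NetIQ code): a login page that takes the URL shown in an
// iFrame from a query-string parameter, in its vulnerable and hardened forms.
// The parameter name "target", the console origin and the default path are
// assumptions for illustration; the attacker host is constructed.

const CONSOLE_ORIGIN = 'https://nam-admin.example.com:8443'; // assumed console origin
const DEFAULT_TARGET = '/nps/servlet/portal';                 // assumed default frame path

// Vulnerable: whatever the parameter carries becomes the frame source, so
// ?target=https://attacker.example/login renders the attacker's form inside
// the genuine console page while the address bar still shows the real host.
function frameTargetVulnerable(queryString) {
  const params = new URLSearchParams(queryString);
  return params.get('target') || DEFAULT_TARGET;
}

// Hardened: resolve the parameter against the console origin and accept it
// only if the result is an http(s) URL on that same origin. Anything else
// (absolute foreign URLs, scheme-relative //host, backslash tricks, javascript:
// or data: URLs, unparsable input) falls back to the default target.
function frameTargetHardened(queryString, origin = CONSOLE_ORIGIN) {
  const params = new URLSearchParams(queryString);
  const raw = params.get('target');
  if (raw === null || raw === '') return DEFAULT_TARGET;

  let url;
  try {
    url = new URL(raw, origin + '/');   // relative paths resolve onto the console
  } catch (_) {
    return DEFAULT_TARGET;              // not a parsable URL
  }
  // The origin comparison alone rejects javascript:/data: (origin "null") and
  // every foreign host; the scheme test just makes the intent explicit.
  if (url.protocol !== 'https:' && url.protocol !== 'http:') return DEFAULT_TARGET;
  if (url.origin !== origin) return DEFAULT_TARGET;

  // Emit a same-origin path rather than echoing the caller's absolute URL.
  return url.pathname + url.search + url.hash;
}

// Stand-alone demonstration of the difference.
for (const q of [
  '?target=/nps/servlet/webacc?taskId=fw.Startup',
  '?target=https://attacker.example/login',
  '?target=//attacker.example/login',
  '?target=/\\attacker.example/login',
  '?target=javascript:alert(1)',
]) {
  console.log(q, '->', frameTargetVulnerable(q), '|', frameTargetHardened(q));
}
```

The hardened version deliberately returns a relative path rather than the caller's string, so even an accepted value cannot smuggle an absolute URL into the frame's src attribute.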

Resolution

Apply the NAM 4.2.2 patch for NAM 4.2, or the NAM 4.1.2 Hot Fix 1 patch for NAM 4.1.

As a workaround until the patch is applied, configure Tomcat's HTTP Header Security Filter (https://tomcat.apache.org/tomcat-8.0-doc/config/filter.html#HTTP_Header_Security_Filter) to send X-Frame-Options: SAMEORIGIN on every response. The header tells browsers that Admin Console pages may only be framed by pages from the same origin. Note that the browser evaluates it for the response being framed: it stops the console from being embedded in a page on another site, but does not by itself restrict which origins the console's own iFrame may load. Note also that this is the HTTP Header Security Filter, not the CORS filter; CORS settings such as cors.allowed.origins govern cross-origin reads of responses by scripts and have no effect on framing. Before enabling it, check that the Tomcat shipped with the Admin Console provides org.apache.catalina.filters.HttpHeaderSecurityFilter, which was added in Tomcat 7.0.63 and 8.0.23; on an older Tomcat the web application fails to start because the filter class cannot be loaded. To enable it on the Admin Console (or Identity Server), do the following:

a) Open Tomcat's web.xml file, which is located at:

Linux: /opt/novell/nam/adminconsole/conf
Windows Server 2012: \Program Files (x86)\Novell\Tomcat\conf

b) Add the following filter definition and mapping below any existing filter configurations, then restart the Admin Console's Tomcat so the new web.xml is read. With only antiClickJackingOption set, the filter keeps its defaults for its other headers and will also emit X-Content-Type-Options: nosniff, X-XSS-Protection and, on HTTPS responses, Strict-Transport-Security with the default hstsMaxAgeSeconds of 0; add init-params setting blockContentTypeSniffingEnabled, xssProtectionEnabled or hstsEnabled to false if any of these is unwanted.

<!-- Sends X-Frame-Options: SAMEORIGIN (plus the filter's other default
     security headers) on every response served by this Tomcat -->
<filter>
    <filter-name>TomcatSameOriginFilter</filter-name>
    <filter-class>org.apache.catalina.filters.HttpHeaderSecurityFilter</filter-class>
    <init-param>
        <!-- DENY, SAMEORIGIN or ALLOW-FROM (ALLOW-FROM also needs antiClickJackingUri) -->
        <param-name>antiClickJackingOption</param-name>
        <param-value>SAMEORIGIN</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>TomcatSameOriginFilter</filter-name>
    <url-pattern>/*</url-pattern>    <!-- apply to every request -->
</filter-mapping>
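After restarting, the usual check is to fetch a console page with curl -skI against the Admin Console host and confirm the X-Frame-Options header appears. The following added example, which is neither NetIQ nor Apache Tomcat code, reads such a captured response head offline and reports the framing policy in both directions: who may embed the console (X-Frame-Options, or CSP frame-ancestors when present) and what the console's own frames may load (only a Content-Security-Policy frame-src, child-src or default-src directive, which this filter does not set). The three sample responses are constructed, not captured from a real console.

```javascript
// Added example (not NetIQ or Apache Tomcat code): read the framing-related
// headers from a captured HTTP response head and report the policy in both
// directions. All three sample responses are constructed for illustration.

const SAMPLE_BEFORE = [            // console with no security headers
  'HTTP/1.1 200 OK',
  'Server: Apache-Coyote/1.1',
  'Content-Type: text/html;charset=UTF-8',
].join('\r\n');

const SAMPLE_AFTER = [             // same response with HttpHeaderSecurityFilter active
  'HTTP/1.1 200 OK',
  'Server: Apache-Coyote/1.1',
  'X-Frame-Options: SAMEORIGIN',
  'Content-Type: text/html;charset=UTF-8',
].join('\r\n');

const SAMPLE_WITH_CSP = SAMPLE_AFTER + '\r\n' +   // what a CSP would add
  "Content-Security-Policy: default-src 'self'; frame-src 'self'; frame-ancestors 'none'";

// Parse "Name: value" lines after the status line into a lower-cased map.
function parseHeaders(head) {
  const map = {};
  for (const line of head.split(/\r?\n/).slice(1)) {
    const i = line.indexOf(':');
    if (i < 0) continue;
    const name = line.slice(0, i).trim().toLowerCase();
    const value = line.slice(i + 1).trim();
    map[name] = name in map ? map[name] + ', ' + value : value; // repeated header
  }
  return map;
}

// Return one CSP directive's source list, or null if the directive is absent.
function cspDirective(csp, directive) {
  if (!csp) return null;
  for (const part of csp.split(/[;,]/)) {   // ';' separates directives, ',' joined headers
    const tokens = part.trim().split(/\s+/);
    if (tokens[0].toLowerCase() === directive) return tokens.slice(1);
  }
  return null;
}

// Direction 1: who may put this response in a frame. CSP frame-ancestors wins
// when present (browsers ignore X-Frame-Options alongside it); otherwise
// X-Frame-Options decides; with neither, any site may frame the page.
function embeddableBy(headers) {
  const ancestors = cspDirective(headers['content-security-policy'], 'frame-ancestors');
  if (ancestors) return 'csp: ' + ancestors.join(' ');
  const xfo = (headers['x-frame-options'] || '').toUpperCase();
  if (xfo === 'DENY') return 'nobody';
  if (xfo === 'SAMEORIGIN') return 'same origin only';
  return 'any site';   // header missing, or obsolete ALLOW-FROM which current browsers ignore
}

// Direction 2: what this page may load into its own frames. Only CSP speaks to
// this (frame-src, then child-src, then default-src); X-Frame-Options does not.
function mayEmbed(headers) {
  const csp = headers['content-security-policy'];
  for (const d of ['frame-src', 'child-src', 'default-src']) {
    const v = cspDirective(csp, d);
    if (v) return d + ': ' + v.join(' ');
  }
  return 'any origin';
}

function framingReport(head) {
  const h = parseHeaders(head);
  return { embeddableBy: embeddableBy(h), mayEmbed: mayEmbed(h) };
}

for (const [label, head] of [['before', SAMPLE_BEFORE], ['after', SAMPLE_AFTER], ['with CSP', SAMPLE_WITH_CSP]]) {
  console.log(label, framingReport(head));
}
```

Run against the "after" sample, the report shows embeddableBy changing from "any site" to "same origin only" while mayEmbed stays "any origin", which is exactly the scope of this workaround.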