XSS vulnerability in webauth
An attacker may steal sensitive information or session credentials from firewall users.
New builds of Junos OS software are available from Juniper. As a workaround use Pass-Through Authentication rather than Web Authentication as an alternative form of firewall user authentication.
A reflected cross site scripting (XSS) vulnerability in SRX Web Authentication (webauth) may allow the stealing of sensitive information or session credentials from firewall users. This issue affects the device only when Web Authentication is used for firewall user authentication.
Junos OS 11.4, 12.1X44, 12.1X45, 12.1X46
Check the OS build.
Updated on 2015-03-25