Posted by RedTeam Pentesting GmbH on Jun 10

Advisory: Alcatel-Lucent OmniSwitch Web Interface Cross-Site Request Forgery

During a penetration test, RedTeam Pentesting discovered a vulnerability
in the management web interface of an Alcatel-Lucent OmniSwitch 6450.
The management web interface has no protection against cross-site
request forgery attacks. This allows specially crafted web pages to
change the switch configuration and create users, if an administrator
accesses the website…