ESP 403 Forbidden XSS Attack

Scope

When you have multiple domains configured on your LoadMaster, clients are required to enter their credentials in the format "domain\user" or "user@domain". 

In this type of scenario, it makes sense to have a greeting message notifying clients of this requirement, for example: 

Welcome to webmail.kemp.com, please enter your credentials in the format (domain\user or user@domain). 

The issue that arises here is that the backslash (\) in the greeting message is detected as an XSS attack, which is what produces the 403 Forbidden response. The corresponding log message can be seen in System Configuration > Logging Options > Extended Log Files > ESP Security Log.

Solution

Escape the backslash in the greeting message with an additional backslash, that is, write \\ wherever a single \ is intended. 
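The following helper is an added example, not part of this article or of the LoadMaster software. It prepares a greeting message for the SSO Greeting Message field by doubling each backslash, and it reports any single (unescaped) backslash left in a message so the check can be run before pasting text into the WUI. It assumes that the only escaping rule is the one stated above: one backslash must be entered as two.

```python
# Added example for preparing an ESP SSO Greeting Message (not Kemp code).
# Assumption: a literal backslash must be written as "\\" in the WUI field;
# no other characters are handled here.

def find_unescaped_backslashes(message: str) -> list:
    """Return the indexes of backslashes that are not part of a "\\" pair.

    A single backslash is what the ESP XSS rule reacts to, so a non-empty
    result means the message should not be set as-is.
    """
    positions = []
    i = 0
    while i < len(message):
        if message[i] == "\\":
            if i + 1 < len(message) and message[i + 1] == "\\":
                i += 2  # an already-escaped pair; skip both characters
                continue
            positions.append(i)
        i += 1
    return positions


def escape_sso_greeting(message: str) -> str:
    """Double every unescaped backslash.

    Pairs that are already escaped are left untouched, so running the
    function twice gives the same result as running it once.
    """
    out = []
    i = 0
    while i < len(message):
        if message[i] == "\\":
            out.append("\\\\")
            # consume the partner backslash of an existing pair as well
            if i + 1 < len(message) and message[i + 1] == "\\":
                i += 2
            else:
                i += 1
            continue
        out.append(message[i])
        i += 1
    return "".join(out)


# The greeting text from this article, written as a Python literal.
GREETING = ("Welcome to webmail.kemp.com, please enter your credentials "
            "in the format (domain\\user or user@domain).")

if __name__ == "__main__":
    print("unescaped backslashes at:", find_unescaped_backslashes(GREETING))
    print("escaped message:", escape_sso_greeting(GREETING))
    print("unescaped after escaping:",
          find_unescaped_backslashes(escape_sso_greeting(GREETING)))
```

Run the script before setting the greeting: an empty list from the second check confirms that every backslash in the message is now doubled.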

Configuration

To configure a greeting message, follow the steps below in the LoadMaster Web User Interface (WUI):

  1. Go to Virtual Services > View/Modify Services.
  2. Click Modify on the relevant Virtual Service.
  3. Expand the ESP Options section.
  4. Ensure ESP is enabled.
  5. Ensure the Client Authentication Mode is set to Form Based.
  6. Enter the SSO Greeting Message, for example: Welcome to webmail.kemp.com, please enter your credentials in the format (domain\\user or user@domain).
  7. Click Set SSO Greeting Message.