Thread Info
  • State Suggested Answer
  • +1 person also asked this people also asked this
  • Replies 5 replies
  • Answers 2 answers
  • Subscribers 7 subscribers
  • Views 6001 views
  • Users 0 members are here
Options
Suggested

Planned Login-Screen-Change for 17.5 final?

HuberChristian

Is your sales department planning to change the Login-Screen again with final 17.5?
I wish this not to be the case, because it should be kind of hidden so not anybody can figure out the Version the XG is running, only by looking at the Login Page.

Additionally this Graphic currently takes 130kb and the whole Website for the Login-Page 2.2 Mbytes (common_min.js is 838kb, jQueryYUI.js is 574KB etc. etc.)
This makes the Login-Page well suited for a DOS Attack. A Security Product should be optimized to minimize the Attacker's Surface.
So for other vendors (For Example Fortinet) it takes 22kb to load the whole Login-Page.

 

Edit: I'm fully aware not to present the Firewall's HTTPS Access to the whole world, and I know how this can be limited, that's not the Issue.

Parents Reply
  • 0 in reply to rfcat_vk

    rfcat_vk said:

    Thank you for the explanation as to why the screen takes a while to load. 

    Furthermore, it seems that a whole Jquery v2.1.3 is exposed via Webadmin. In past there existed some CVE, relating to specific Versions of JQuery. So far for that Version there is no known CVE. But this is one more point where Attacker's Surface is unnecessarily increased.

    Please send me Spam gueselkuebel@sg-utm.also-solutions.ch

Children
Unfiltered HTML