Planned Login-Screen-Change for 17.5 final?

Is your sales department planning to change the Login-Screen again with final 17.5?
I wish this not to be the case, because it should be kind of hidden so not anybody can figure out the Version the XG is running, only by looking at the Login Page.

Additionally this Graphic currently takes 130kb and the whole Website for the Login-Page 2.2 Mbytes (common_min.js is 838kb, jQueryYUI.js is 574KB etc. etc.)
This makes the Login-Page well suited for a DoS Attack. A Security Product should be optimized to minimize the Attacker's Surface.
So for other vendors (For Example Fortinet) it takes 22kb to load the whole Login-Page.

 

Edit: I'm fully aware not to present the Firewall's HTTPS Access to the whole world, and I know how this can be limited, that's not the Issue.

  • That article does nothing to explain how the vulnerability was fixed. Our PCI compliance scanning company will not accept that article and is still failing us on PCI compliance. Their scanning tools still see 2.1.3 and they said it needs to be 3.0.0 or higher. Since your article provides no information about how the vulnerability was patched, they cannot give us an exception.

     

    Not only that, but as mentioned, why does such a simple login page take over 2 megabytes of data transfers?

  • AllanD said:
     

    And 
    Unknown said:
     

    At present, the Login Page asset size is 693 kb (screenshot below). We currently load various micro functionalities of JS files into a single large JS file. Not all of the functionalities are being used by the login screen and there is scope for optimization.

    Appreciate your feedback and concern - we will consider this optimization in the future version.