Bugtraq mailing list archives
Bug in Winroute 3.04g
From: mrr () DODDS NET (Michael R. Rudel)
Date: Fri, 9 Apr 1999 00:37:05 -0400
There is a bug in the remote proxy server admin part of Winroute 3.04g. I have tested it on an earlier release (3.04a), and that is also vulnerable. When you first access the admin proxy server, it asks for a username and password to authenticate to. If you hit 'cancel', one frame will come back as not containing any data, but the other frame will still give you all the buttons that you need to configure the software - giving you full access. This is a semisortakindaserious bug, as anyone using Winroute can be disconnected from the Internet by anyone else in the world, as they can authenticate to the admin proxy server without a user name and password. - Michael R. Rudel (mrr () mrr cx) - Computer Tech - Pinckney Community Schools
Current thread:
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight, (continued)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Michal Zalewski (Mar 07)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Pavel Machek (Apr 09)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Luca Berra (Apr 10)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Miguel de Icaza (Apr 11)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Pavel Machek (Apr 09)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Michal Zalewski (Mar 07)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Miguel de Icaza (Apr 05)
- Multiple WinGate Vulnerabilities[Tad late] Marc (Apr 05)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Stefan Rompf (Apr 06)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Viktor Fougstedt (Apr 07)
- security hole (READ AS: security chasm) in ICQ-Webserver DaChronic (Apr 07)
- Re: security hole (READ AS: security chasm) in ICQ-Webserver sven () MSC-MEDIA COM (Apr 08)
- Bug in Winroute 3.04g Michael R. Rudel (Apr 08)
- Re: Bug in Winroute 3.04g Max Vision (Apr 09)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Viktor Fougstedt (Apr 07)
- Re: ipop3d (x2) / pine (x2) / Linux kernel (x2) / Midnight Casper Dik (Apr 08)