Vulnerability Development mailing list archives
Re: Query
From: Blue Boar <BlueBoar () thievco com>
Date: Tue, 16 Jul 2002 13:54:02 -0700
TLR () portcullis-security com wrote:
Recently, whilst performing a Penetration Test I developed a Java script which, with the use of some tools, disables a well known personal firewall. This personal firewall was designed as is used so that the company can centrally control what Hosts and Networks a user can access via the use of profiles. Can you see what it is yet? Anyway, would you guys consider the ability to disable the firewall remotely a vulnerability or does it fall simply in the arena of technique in the use of already existing tools and vulnerabilities?
Or you could just post the details, so it can be decided with all the available information. I mean that seriously, it is kind of the main charter of the list. Are you trying to decided so you can warn the vendor ahead of time?
BB