RE: Cisco VPN Concentrator GUI

["Todd Towles" <toddtowles () brookshires com>]

Well, it seems to be bad idea to open the control web interface to the
internet...kinda like having your TSM Backup server web interface open
to the internet. Since Johnny Long's website
(http://johnny.ihackstuff.com/) is currently now, I can't give you the
extra search string needed to find Cisco VPN or TSM web interfaces on
Google, but they are there.

Why expose the service to the internet? Sure a exploit may not be out
now, but what would happen if a XSS or Directory attack came out for the
VPN web interface? How long would it take a person with a exploit to
find their box? One google search, a matter of seconds. If the interface
was only exposed to certain internal subnet, this future possible threat
would be greatly reduced.

I don't have Cisco VPN concentrator, so I am not sure what all you can
do the the config on it, but as a best practice method, I wouldn't
expose it to internet if I didn't have to.

-Todd

> -----Original Message-----
> From: kaps lock [mailto:kapsloc1978 () yahoo com] 
> Sent: Sunday, May 15, 2005 10:09 PM
> To: pen-test () securityfocus com
> Subject: Cisco VPN Concentrator GUI
>
> hi all,
> i am pen-testing one of our clients and am seeing their web 
> interface to the vpn concentrator (cisco) available publicly 
> on the internet with the username /password page.
> How could i explain somebody tht it can be exploited...am 
> sure this is not a good idea to hav ur vpn concnetrator 
> interface on the public internet..but i cant find any 
> vulenrabilites on the net ....to explain to the 
> person....only thing i can think of is brute forcing the 
> username pasword field...which is again a challenge for web 
> vpn..any ideas??
> thanks
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam?  Yahoo! Mail has the best spam protection 
> around http://mail.yahoo.com