Penetration Testing mailing list archives

Re: Cisco VPN Concentrator GUI


From: "Atte Peltomaki" <atte.peltomaki () f-secure com>
Date: Tue, 17 May 2005 09:31:06 +0300

I am pen-testing one of our clients and am seeing
their web interface to the VPN concentrator (Cisco)
available publicly on the internet with the
username/password page.
How could I explain to somebody that it can be
exploited... am sure this is not a good idea to have your
VPN concentrator interface on the public internet.. but
I can't find any vulnerabilities on the net .... to
explain to the person.... only thing I can think of is
brute forcing the username password field... which is
again a challenge for web VPN.. any ideas??
Thanks

Well, if the page is entirely public, it shouldn't be too difficult to
create a similar page for phishing, then do some DNS/ARP/whatever
poisoning, and hope the admin is dumb enough not to be bothered about
the SSL warning over a changed cert (if SSL is being used).

-- 
 ____________
 \   ______//     Atte Peltomäki - Atte.Peltomaki () F-Secure com
  \  \\____              IT Engineer - IT Server Team
   \   __//    F-Secure Corp. PL 24, FIN-00181 Helsinki, Finland
    \  \\     Tel: +358 9 2520 0700,     direct: +358 9 2520 5423   
     \ //                   http://www.F-Secure.com
      \/         Integrated Solutions for Enterprise Security

