Penetration Testing mailing list archives
Re: Cisco VPN Concentrator GUI
From: Erik Kamerling <ekamerling () snaplen com>
Date: Tue, 17 May 2005 10:13:08 -0400
My original response never made it so here it is again.

On Sunday 15 May 2005 23:09, kaps lock wrote:
> I can't find any vulnerabilities on the net ....to explain to the person....only thing I can think of is brute forcing the username password field...which is again a challenge for web vpn..any ideas?? thanks

Hi Kaps Lock,

You might want to impart info to your client regarding the common sense security measure of limiting access to the HTTPS interface on the concentrator to only trusted management hosts or internal networks. Enabling uncontrolled public side HTTP(S) management of a VPN concentrator gives out way more info re: their VPN than most people would want IMHO. I don't believe HTTP(S) is enabled by default (at least on a public interface) on a 3000 series concentrator so someone turned it on most likely.

3000 series concentrators are vulnerable to an SSL attack prior to version 4.1.7.A so you might want to point this out to them. The attacker does not need to authenticate and can effectively reload the device or make it drop user connections.

Here is the advisory -> http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml

And a more general view on 3000 vulnerabilities -> http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

Best Wishes,
Erik Kamerling