Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Cisco VPN Concentrator GUI

from [Stephen Hassard] Network Security [Permanent Link]
Subject: Re: Cisco VPN Concentrator GUI
Date: Mon, 16 May 2005 07:32:15 -0700 
Hi,

Are you talking about the Cisco's administrative interface, or the WebVPN interface? WebVPN allows users to access network resources through a web client. While this is obviously a point of concern, ACLs can be configured to limit access to resources for users.

I don't believe that the Cisco VPN Concentrator will lockout admin accounts after invalid login attempts, so exposing the admin interface would be of great concern.

later,
Steve

kaps lock wrote: 
hi all,
i am pen-testing one of our clients and am seeing
their web interface to the vpn concentrator (cisco)
available publicly on the internet with the username
/password page.
How could i explain somebody tht it can be
exploited...am sure this is not a good idea to hav ur
vpn concnetrator interface on the public internet..but
i cant find any vulenrabilites on the net ....to
explain to the person....only thing i can think of is
brute forcing the username pasword field...which is
again a challenge for web vpn..any ideas??
thanks

__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com

[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  RE: Cisco VPN Concentrator GUI, Todd Towles
Next by Date:  RE: Cisco VPN Concentrator GUI, James Williams
Previous by Thread:  Cisco VPN Concentrator GUI, kaps lock
Next by Thread:  Re: Cisco VPN Concentrator GUI, Atte Peltomaki
Indexes:  [Date] [Thread] [Top] [All Lists]