Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Pen-Test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Cisco VPN Concentrator GUI

from [Erik Kamerling] Network Security [Permanent Link]
Subject: Re: Cisco VPN Concentrator GUI
Date: Tue, 17 May 2005 10:13:08 -0400 
My original response never made it so here it is again.

On Sunday 15 May 2005 23:09, kaps lock wrote:

i cant find any vulenrabilites on the net ....to
explain to the person....only thing i can think of is
brute forcing the username pasword field...which is
again a challenge for web vpn..any ideas??
thanks


Hi Kaps Lock,

You might want to impart info to your client regarding the common sense 
security measure of limiting access to the HTTPS interface on the 
concentrator to only trusted management hosts or internal networks. 

Enabling uncontrolled public side HTTP(S) management of a VPN concentrator 
gives out way more info re: their VPN than most people would want IMHO.

I don't believe HTTP(S) is enabled by default (at least on a public interface) 
on a 3000 series concentrator so someone turned it on most likely.

3000 series concentrators are vulnerable to a SSL attack prior to version 
4.1.7.A so you might want to point this out to them. The attacker does not 
need to authenticate and can effectively reload the device or make it drop 
user connections. 

Here is the advisory -> 
http://www.cisco.com/warp/public/707/cisco-sa-20050330-vpn3k.shtml

And a more general view on 3000 vulnerabilities ->
http://www.cisco.com/warp/public/707/vpn3k-multiple-vuln-pub.shtml

Best Wishes,

Erik Kamerling
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: Cisco VPN Concentrator GUI, Atte Peltomaki
Next by Date:  Port 9090 WServer??, xyberpix
Previous by Thread:  Re: Cisco VPN Concentrator GUI, Atte Peltomaki
Next by Thread:  RE: Cisco VPN Concentrator GUI, Todd Towles
Indexes:  [Date] [Thread] [Top] [All Lists]