Thanks all for your replies.
For memebers who had doubts on it being a HW CLIENT
,it is a VPN Conentrator admin GUI.....can i tell them
a brute forcer can be used to guess username
passwords....if yes wht kind a brute forcer cud be
used on a vpn admin login??
thanks again !!
kaps
--- "Johnson, Joey" <Joey.Johnson@MWAA.com> wrote:
Agreed with James.
Also it could just be the browser login interface
for Cisco 3002 HW
Client authentication.
-----Original Message-----
From: James Williams
[mailto:jwilliams@mail.wtamu.edu]
Sent: Monday, May 16, 2005 10:21 AM
To: kaps lock; pen-test@securityfocus.com
Subject: RE: Cisco VPN Concentrator GUI
Are you sure that it's not the SSL VPN Interface for
remote access? By
default the administration interface is only
accessible from the inside
interface, which means that it wouldn't be publicly
available to the
Internet unless somebody purposely made it
available.
James Williams, GISF
Network Systems Technician
-----Original Message-----
From: kaps lock [mailto:kapsloc1978@yahoo.com]
Sent: Sunday, May 15, 2005 10:09 PM
To: pen-test@securityfocus.com
Subject: Cisco VPN Concentrator GUI
hi all,
i am pen-testing one of our clients and am seeing
their web interface to the vpn concentrator (cisco)
available publicly on the internet with the username
/password page.
How could i explain somebody tht it can be
exploited...am sure this is not a good idea to hav
ur
vpn concnetrator interface on the public
internet..but
i cant find any vulenrabilites on the net ....to
explain to the person....only thing i can think of
is
brute forcing the username pasword field...which is
again a challenge for web vpn..any ideas??
thanks
__________________________________________________
Do You Yahoo!?
Tired of spam? Yahoo! Mail has the best spam
protection around
http://mail.yahoo.com
__________________________________
Yahoo! Mail Mobile
Take Yahoo! Mail with you! Check email on your mobile phone.
http://mobile.yahoo.com/learn/mail
