From: Atte Peltomaki (atte.peltomaki@f-secure.com)
Date: Tue May 17 2005 - 02:31:06 EDT

> I am pen-testing one of our clients and am seeing
> their web interface to the VPN concentrator (Cisco)
> available publicly on the internet with the
> username/password page.
> How could I explain to somebody that it can be
> exploited... I am sure this is not a good idea to have your
> VPN concentrator interface on the public internet.. but
> I can't find any vulnerabilities on the net.... to
> explain to the person.... the only thing I can think of is
> brute forcing the username/password field... which is
> again a challenge for web VPN.. any ideas??
> thanks

Well, if the page is entirely public, it shouldn't be too difficult to
create a similar page for phishing, then do some DNS/ARP/whatever
poisoning, and hope the admin is dumb enough not to be bothered about
the SSL warning over the changed cert (if SSL is being used).

-- 
Atte Peltomäki - Atte.Peltomaki@F-Secure.com
IT Engineer - IT Server Team
F-Secure Corp. PL 24, FIN-00181 Helsinki, Finland
Tel: +358 9 2520 0700, direct: +358 9 2520 5423
http://www.F-Secure.com
Integrated Solutions for Enterprise Security

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:21 EDT