RE: Cisco VPN Concentrator GUI
From: kaps lock (kapsloc1978_at_yahoo.com)
Date: 05/18/05
- Previous message: Pablo Fernández: "Re: penetrating web-based authentication if you know one of the usernames"
- Next in thread: Petr.Kazil_at_eap.nl: "Exchange mail server settings - easy dump possible?"
- Reply: Petr.Kazil_at_eap.nl: "Exchange mail server settings - easy dump possible?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Wed, 18 May 2005 12:09:22 -0700 (PDT) To: "Johnson, Joey" <Joey.Johnson@MWAA.com>, pen-test@securityfocus.com
Thanks all for your replies.
For memebers who had doubts on it being a HW CLIENT
,it is a VPN Conentrator admin GUI.....can i tell them
a brute forcer can be used to guess username
passwords....if yes wht kind a brute forcer cud be
used on a vpn admin login??
thanks again !!
kaps
--- "Johnson, Joey" <Joey.Johnson@MWAA.com> wrote:
> Agreed with James.
> Also it could just be the browser login interface
> for Cisco 3002 HW
> Client authentication.
>
>
>
> -----Original Message-----
> From: James Williams
> [mailto:jwilliams@mail.wtamu.edu]
> Sent: Monday, May 16, 2005 10:21 AM
> To: kaps lock; pen-test@securityfocus.com
> Subject: RE: Cisco VPN Concentrator GUI
>
> Are you sure that it's not the SSL VPN Interface for
> remote access? By
> default the administration interface is only
> accessible from the inside
> interface, which means that it wouldn't be publicly
> available to the
> Internet unless somebody purposely made it
> available.
>
> James Williams, GISF
> Network Systems Technician
>
>
> -----Original Message-----
> From: kaps lock [mailto:kapsloc1978@yahoo.com]
> Sent: Sunday, May 15, 2005 10:09 PM
> To: pen-test@securityfocus.com
> Subject: Cisco VPN Concentrator GUI
>
> hi all,
> i am pen-testing one of our clients and am seeing
> their web interface to the vpn concentrator (cisco)
> available publicly on the internet with the username
> /password page.
> How could i explain somebody tht it can be
> exploited...am sure this is not a good idea to hav
> ur
> vpn concnetrator interface on the public
> internet..but
> i cant find any vulenrabilites on the net ....to
> explain to the person....only thing i can think of
> is
> brute forcing the username pasword field...which is
> again a challenge for web vpn..any ideas??
> thanks
>
> __________________________________________________
> Do You Yahoo!?
> Tired of spam? Yahoo! Mail has the best spam
> protection around
> http://mail.yahoo.com
>
>
>
__________________________________
Yahoo! Mail Mobile
Take Yahoo! Mail with you! Check email on your mobile phone.
http://mobile.yahoo.com/learn/mail
- Previous message: Pablo Fernández: "Re: penetrating web-based authentication if you know one of the usernames"
- Next in thread: Petr.Kazil_at_eap.nl: "Exchange mail server settings - easy dump possible?"
- Reply: Petr.Kazil_at_eap.nl: "Exchange mail server settings - easy dump possible?"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
