Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Bug in Winroute 3.04g

From: mrr () DODDS NET (Michael R. Rudel)
Date: Fri, 9 Apr 1999 00:37:05 -0400

There is a bug in the remote proxy server admin part of Winroute 3.04g.
I have tested it on an earlier release (3.04a), and that is also
vulnerable.

When you first access the admin proxy server, it asks for a username and
password to authenticate to. If you hit 'cancel', one frame will come
back as not containing any data, but the other frame will still give you
all the buttons that you need to configure the software - giving you
full access.

This is a semisortakindaserious bug, as anyone using Winroute can be
disconnected from the Internet by anyone else in the world, as they can
authenticate to the admin proxy server without a user name and password.

- Michael R. Rudel (mrr () mrr cx)
- Computer Tech
- Pinckney Community Schools
Previous By Date Next
Previous By Thread Next

Current thread: