Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

MTPSR1-120 Firewall Proxy configuration software

From: "UkR security team™" <cuctema () ok ru>
Date: Wed, 11 Dec 2002 07:39:21 +0300
Product : MTPSR1-120 Firewall Proxy configuration software 
Version     :  3.0
Vendor : Multi-Tech Systems, Inc. (http://www.multitech.com) 
Remote      :  Yes
Author : UkR-XblP (cuctema () ok ru)/ UkR security team 
Overview:
Firewall Proxy configuration software default do not set a Firewall password and allow access via telnet protocol. As a result, the telnet port will be left exposed to unrestricted remote access. Remote users with malicious intent will be able to access the Firewall to change varius configs, such as IP, PPP/SLIP, WAN, Proxy, DHCP, Virtual Server or reset Firewall. Attackers can set their password, block webserver and registered users don't can login for change changes remote. 

Solution:
Set the password after setup and desirable to disable telnet access. 
---
Professional hosting for everyone - http://www.host.ru
Previous By Date Next
Previous By Thread Next

Current thread: