Bugtraq mailing list archives
MTPSR1-120 Firewall Proxy configuration software
From: "UkR security team™" <cuctema () ok ru>
Date: Wed, 11 Dec 2002 07:39:21 +0300
Product : MTPSR1-120 Firewall Proxy configuration software
Version : 3.0Vendor : Multi-Tech Systems, Inc. (http://www.multitech.com)
Remote : YesAuthor : UkR-XblP (cuctema () ok ru)/ UkR security team
Overview:Firewall Proxy configuration software default do not set a Firewall password and allow access via telnet protocol. As a result, the telnet port will be left exposed to unrestricted remote access. Remote users with malicious intent will be able to access the Firewall to change varius configs, such as IP, PPP/SLIP, WAN, Proxy, DHCP, Virtual Server or reset Firewall. Attackers can set their password, block webserver and registered users don't can login for change changes remote.
Solution:Set the password after setup and desirable to disable telnet access.
--- Professional hosting for everyone - http://www.host.ru
Current thread:
- MTPSR1-120 Firewall Proxy configuration software UkR security team™ (Dec 11)