Full Disclosure mailing list archives

Re: HTTP AUTH BASIC monowall.

From: Michael Holstein <michael.holstein () csuohio edu>
Date: Wed, 15 Mar 2006 12:39:06 -0500

    As suspected... so I am correct; and it is a security threat. I can
compromise a network, arp poison it, MiTM, access the firewall,
distributed metastasis, presto... owned...

If you're at a point where you have access to the broadcast mediumshared by the firewall -- why would you even need to setup a MitM attachagainst it -- you're already in.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Re: HTTP AUTH BASIC monowall., (continued)
- - - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
    - Re: HTTP AUTH BASIC monowall. Jeremy Bishop (Mar 16)
    - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
    - Re: HTTP AUTH BASIC monowall. Nick FitzGerald (Mar 16)
    - Re: HTTP AUTH BASIC monowall. Felix Lindner (Mar 17)
    - Re: HTTP AUTH BASIC monowall. Brian Eaton (Mar 17)
    - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 17)
    - Re: HTTP AUTH BASIC monowall. Jason (Mar 17)
    - Re: HTTP AUTH BASIC monowall. Mark Coleman (Mar 16)
    - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 16)
    - Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Tim (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Michael Holstein (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Nick FitzGerald (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
    - Re: HTTP AUTH BASIC monowall. bkfsec (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Tim (Mar 15)
    - Re: HTTP AUTH BASIC monowall. Simon Smith (Mar 15)

(Thread continues...)