Vulnerability Development mailing list archives
Query
From: TLR () portcullis-security com
Date: Tue, 16 Jul 2002 15:51:02 +0100
I think I know the answer to this but I just wanted to get a straw Poll type opinion from you guys. Recently, whilst performing a Penetration Test I developed a Java script which, with the use of some tools, disables a well known personal firewall. This personal firewall was designed as is used so that the company can centrally control what Hosts and Networks a user can access via the use of profiles. Can you see what it is yet? Anyway, would you guys consider the ability to disable the firewall remotely a vulnerability or does it fall simply in the arena of technique in the use of already existing tools and vulnerabilities? Cheers,Liam.