[24511] in bugtraq
Re: ... Tiny Personal Firewall ...
daemon@ATHENA.MIT.EDU (Maher Odeh)
Fri Mar 1 22:21:26 2002
Message-ID: <000701c1c110$d4babd50$0200a8c0@win2k>
From: "Maher Odeh" <rax@X-war.org>
To: "Andrew Barkley" <andrew.barkley@usa.net>, <bugtraq@securityfocus.com>
Date: Fri, 1 Mar 2002 13:04:17 +0200
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
hello
regarding the tiny firewall "bug", when you finish configuring the firewall
you must uncheck the "learning" mode, in this case the firewall wont popup
any window asking to permit or deny .
thanks ,
----- Original Message -----
From: "Andrew Barkley" <andrew.barkley@usa.net>
To: <bugtraq@securityfocus.com>
Sent: Thursday, February 28, 2002 4:53 PM
Subject: ... Tiny Personal Firewall ...
> Hi ...
>
>
> Scanning hosts running the Tiny Personal Firewall (2.0.15a) on W2K
> workstations that have been locked (ctl + alt + del)
>
> The popup alert/dialogue jumps to the foreground, thus open to accept
> permit/deny input from the local console, even when the workstations are
> locked (ctl + alt + del). Thus an untrusted individual whom has local
access
> to individuals workstations can scan a workstation/network, wait for the
popup
> alert dialogue and enter "permit" on unattended (locked workstations)
without
> the owners permission/knowledge, No need to first unlock (ctl + alt + del)
> ...
>
>
> CHEERS ...
