[15486] in bugtraq
Proxy+ Telnet Gateway Problems
daemon@ATHENA.MIT.EDU (Andrew Lewis)
Mon Jun 26 17:14:27 2000
Mime-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Message-Id: <Pine.BSF.4.10.10006261954210.87590-100000@unix.za.net>
Date: Mon, 26 Jun 2000 19:58:20 +0200
Reply-To: Andrew Lewis <wizdumb@UNIX.ZA.NET>
From: Andrew Lewis <wizdumb@UNIX.ZA.NET>
To: BUGTRAQ@SECURITYFOCUS.COM
The Problem:
------------
Many admins who use Proxy+ configure the remote administration port (which
works over HTTP) to only accept connections from the localhost.
Fortunately enough, the admin port doesn't allow connections which have
been bounced through the HTTP proxy. The telnet proxy, on the other hand,
is a different story. Oops.
Workaround:
-----------
Enable HTTP Basic authentication instead. And don't trust localhost only
security for anything.
Credit:
-------
Andrew Lewis aka. Wizdumb, One of the many losers from the MDMA crew
<www.mdma.za.net>
