[28170] in bugtraq
MTPSR1-120 Firewall Proxy configuration software
daemon@ATHENA.MIT.EDU (UkR security =?windows-1251?Q?team)
Wed Dec 11 20:51:14 2002
From: "UkR security =?windows-1251?Q?team=99?=" <cuctema@ok.ru>
To: bugtraq@securityfocus.com
Date: Wed, 11 Dec 2002 07:39:21 +0300
Message-ID: <web-34802546@backend2.aha.ru>
MIME-Version: 1.0
Content-Type: text/plain; charset="windows-1251"; format="flowed"
Content-Transfer-Encoding: 8bit
Product : MTPSR1-120 Firewall Proxy configuration
software
Version : 3.0
Vendor : Multi-Tech Systems, Inc.
(http://www.multitech.com)
Remote : Yes
Author : UkR-XblP (cuctema@ok.ru)/ UkR security team
Overview:
Firewall Proxy configuration software default do not set a
Firewall password and allow access via telnet protocol. As
a result, the telnet port will be left exposed to
unrestricted remote access. Remote users
with malicious intent will be able to access the Firewall
to change varius configs, such as IP, PPP/SLIP, WAN,
Proxy, DHCP, Virtual Server or reset Firewall. Attackers
can set their password, block webserver and registered
users don't can login for change changes remote.
Solution:
Set the password after setup and desirable to disable
telnet access.
---
Professional hosting for everyone - http://www.host.ru
