There is a bug in the remote proxy server admin part of Winroute 3.04g. I have tested it on an earlier release (3.04a), and that is also vulnerable. When you first access the admin proxy server, it asks for a username and password to authenticate to. If you hit 'cancel', one frame will come back as not containing any data, but the other frame will still give you all the buttons that you need to configure the software - giving you full access. This is a semisortakindaserious bug, as anyone using Winroute can be disconnected from the Internet by anyone else in the world, as they can authenticate to the admin proxy server without a user name and password. - Michael R. Rudel (mrrat_private) - Computer Tech - Pinckney Community Schools
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:53 PDT