Bug in Winroute 3.04g

From: Michael R. Rudel (mrrat_private)
Date: Thu Apr 08 1999 - 21:37:05 PDT

Next message: Anto Veldre: "Lotus Notes Locations & DST"

Previous message: pedwardat_private: "Re: Webcom's CGI Guestbook for Win32 web servers"
Next in thread: Max Vision: "Re: Bug in Winroute 3.04g"
Reply: Max Vision: "Re: Bug in Winroute 3.04g"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

There is a bug in the remote proxy server admin part of Winroute 3.04g.
I have tested it on an earlier release (3.04a), and that is also
vulnerable.

When you first access the admin proxy server, it asks for a username and
password to authenticate to. If you hit 'cancel', one frame will come
back as not containing any data, but the other frame will still give you
all the buttons that you need to configure the software - giving you
full access.

This is a semisortakindaserious bug, as anyone using Winroute can be
disconnected from the Internet by anyone else in the world, as they can
authenticate to the admin proxy server without a user name and password.

- Michael R. Rudel (mrrat_private)
- Computer Tech
- Pinckney Community Schools

Next message: Anto Veldre: "Lotus Notes Locations & DST"
Previous message: pedwardat_private: "Re: Webcom's CGI Guestbook for Win32 web servers"
Next in thread: Max Vision: "Re: Bug in Winroute 3.04g"
Reply: Max Vision: "Re: Bug in Winroute 3.04g"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:41:53 PDT