Fortech Proxy+ 2.30 Remote Administration Vulnerability
BID:1226
Info
| Bugtraq ID: | 1226 |
| Class: | Access Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | Yes |
| Published: | Dec 26 1999 12:00AM |
| Updated: | Dec 26 1999 12:00AM |
| Credit: | Published in Forbidden Knowledge Ezine #8 on December 26, 1999. |
| Vulnerable: | Fortech Proxy+ 2.30 |
| Not Vulnerable: | |
Discussion
By default, Fortech Proxy+ can be remotely administered by any user, without any authorization, simply by connecting to http://target:4400/admin.
In addition, the telnet gateway is open by default, which allows it to be used for anonymous packet forwarding.
Exploit / POC
To remotely administer Proxy+ (given that the default port has not been changed):
http://target:4400/admin
Solution / Fix
Solution:
Currently the SecurityFocus staff are not aware of any vendor supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- Forbidden Knowledge Ezine #8 (Forbidden Knowledge)
- Proxy+ Product Home Page (Fortech)