Ingate Firewall Persistent PPTP Tunnel Vulnerability
BID:12383
Info
Ingate Firewall Persistent PPTP Tunnel Vulnerability
| Bugtraq ID: | 12383 |
| Class: | Design Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 27 2005 12:00AM |
| Updated: | Jan 27 2005 12:00AM |
| Credit: | Discovery is credited to Neil Watson at Voicegenie. |
| Vulnerable: |
Ingate Firewall 4.1.3 Ingate Firewall 3.3.1 Ingate Firewall 3.2.1 Ingate Firewall 3.2 |
| Not Vulnerable: | |
Discussion
Ingate Firewall Persistent PPTP Tunnel Vulnerability
Ingate Firewall does not remove PPTP tunnels created by a user that has been disabled by the firewall administrator. Even if the user has been disabled, any PPTP tunnels they have created will persist.
Ingate Firewall does not remove PPTP tunnels created by a user that has been disabled by the firewall administrator. Even if the user has been disabled, any PPTP tunnels they have created will persist.
Exploit / POC
Ingate Firewall Persistent PPTP Tunnel Vulnerability
There is no exploit required.
There is no exploit required.
Solution / Fix
Ingate Firewall Persistent PPTP Tunnel Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.
References
Ingate Firewall Persistent PPTP Tunnel Vulnerability
References:
References:
- Ingate Home Page (Ingate)
- Ingate Firewall: Removed PPTP tunnels not deactivated (Per Cederqvist