Date: Fri, 9 Apr 1999 00:37:05 -0400
From: Michael R. Rudel <mrr@DODDS.NET>
To: BUGTRAQ@netspace.org
Subject: Bug in Winroute 3.04g

There is a bug in the remote proxy server admin part of Winroute 3.04g.
I have tested it on an earlier release (3.04a), and that is also
vulnerable.

When you first access the admin proxy server, it asks for a username and
password to authenticate to. If you hit 'cancel', one frame will come
back as not containing any data, but the other frame will still give you
all the buttons that you need to configure the software - giving you
full access.

This is a semisortakindaserious bug, as anyone using Winroute can be
disconnected from the Internet by anyone else in the world, as they can
authenticate to the admin proxy server without a user name and password.

- Michael R. Rudel (mrr@mrr.cx)
- Computer Tech
- Pinckney Community Schools

----------------------------------------------------------------------------

Date: Fri, 9 Apr 1999 16:12:05 -0700
From: Max Vision <vision@WHITEHATS.COM>
To: BUGTRAQ@netspace.org
Subject: Re: Bug in Winroute 3.04g

On Fri, 9 Apr 1999, Michael R. Rudel wrote:
> There is a bug in the remote proxy server admin part of Winroute 3.04g.
> I have tested it on an earlier release (3.04a), and that is also
> vulnerable.
>

Confirmed on Winroute Pro 3.04
http://localhost:3129/admin/config/ takes yous straight to the
configuration options without authentication.

If one is going to use Winroute, I highly recommend turning on the
packet filter found at Settings -> Advanced -> Packetfilter

An unrelated bug is that the packetfilter refuses to pass on tcp 139
regardless of implicite configuration otherwise.

Max