Volker Tanger - Vulnerability Reports

In der täglichen Arbeit als Projektleiter und Auditor für IT-Sicherheit stolpert man immer mal wieder über den ein oder anderen Bug auch in Sicherheitssystemen (z.B. Firewalls). Hier die Liste meiner Entdeckungen:

In my daily work as senior IT security consultant and auditor I stumble across vulerabilities once in a while - even with in IT security software (e.g. firewalls). Here the list of my discoveries:

Weak Password Encryption

iPhone App "BlueMail" Account Theft (02/2018)

The mail application leaks passwords to Amazon AWS servers which then access the accoun without user consent.

Lancom Router Weak Password Encryption (pre LCOS 9.x) (2009/2016)

The enrcyption of passwords in router configuration files can trivially be broken.

CheckPoint FireWall-1 allows routing loop (10/2003)

The firewall does not enforce that answer packets shall be leaving through the same interface where the initial request came in from. Routing loops on the FW machine are allowed this way.

3Com SuperStack II detected as router... or not. (08/2003)

Old versions of this stackable hub firmware show up on router scans because answering packets "routed" via the management interface.

Multiple Vendor HTTP CONNECT TCP Tunnel Vulnerability (generic - 2002)

Quite a number of HTTP proxies allow unrestricted access to the http CONNECT method - thus allowing to abuse the proxy e.g. for mail relaying or (even worse) to gain access to internal systems. Specifically found:

• CheckPoint FW1 HTTP Security Hole (02/2002)
• Proxy vulnerability in TrendMicro InterScan-VirusWall V3.6 (12/2002)
• Astaro Security Linux Firewall - HTTP Proxy vulnerability (01/2003)