Re: Cisco Systems VPN Client allows local logon with Elevated Privileges

From: 3APA3A (3APA3ASECURITY.NNOV.RU)
Date: Thu May 15 2003 - 07:35:21 CDT


Dear Nick Staff,

--Wednesday, May 14, 2003, 9:09:15 PM, you wrote to NTBUGTRAQLISTSERV.NTBUGTRAQ.COM:

NS> an ISP. By default these settings are not locked to standard users
NS> because the configuration file responsible for holding these
NS> settings (vpnclient.ini) is installed to a non-restricted path
NS> (systemdrive%\program files\CiscoVPN).

Default settings of Windows 2000 and above (and recommended settings for
Windows NT) limit access to Program Files for users to "Read". If your
users are included in the "Power Users" group, you have a huge security
problem unrelated to Cisco software.

--
~/ZARAZA
The machine turned out to be capable of only one action,
namely multiplying 2x2, and even then making mistakes. (Lem)
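
One way to check the point made in this reply on a given machine, as an added example that is not part of the original message: the PowerShell script below lists every allow ACE that grants write-type rights on the install directory and vpnclient.ini to anyone other than the expected administrative principals. The default paths assume the location named in the quoted message, and the function name `Get-UnexpectedWriteAce` is hypothetical.

```powershell
# Added example: report ACEs that let non-administrative principals modify a path.
param(
    # Assumption: install location as named in the quoted message; override as needed.
    [string[]]$Path = @(
        "$env:SystemDrive\Program Files\CiscoVPN",
        "$env:SystemDrive\Program Files\CiscoVPN\vpnclient.ini"
    )
)

# Rights that allow changing content, deleting, or rewriting permissions/ownership.
$writeMask   = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$genericMask = 0x50000000   # GENERIC_WRITE | GENERIC_ALL, stored raw in some ACEs

# Principals expected to hold write access under Program Files.
$trusted = @(
    'S-1-5-18',        # LocalSystem
    'S-1-5-32-544',    # BUILTIN\Administrators
    'S-1-3-0',         # CREATOR OWNER
    'S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464'  # TrustedInstaller
)

function Get-UnexpectedWriteAce {
    param([string]$Target)
    $sidType = [System.Security.Principal.SecurityIdentifier]
    $rules = (Get-Acl -LiteralPath $Target).GetAccessRules($true, $true, $sidType)
    foreach ($ace in $rules) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        $sid = $ace.IdentityReference.Value
        if ($trusted -contains $sid) { continue }
        $raw = [int]$ace.FileSystemRights
        if ((($raw -band $writeMask) -ne 0) -or (($raw -band $genericMask) -ne 0)) {
            # Resolve the SID to a name for display; keep the SID if it cannot be resolved.
            try   { $name = $ace.IdentityReference.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $name = $sid }
            [pscustomobject]@{
                Path = $Target; Principal = $name
                Rights = $ace.FileSystemRights; Inherited = $ace.IsInherited
            }
        }
    }
}

foreach ($p in $Path) {
    if (Test-Path -LiteralPath $p) { Get-UnexpectedWriteAce -Target $p }
    else { Write-Warning "Not found: $p" }
}
```

Empty output means only the listed administrative principals can modify the files; a row for BUILTIN\Users (S-1-5-32-545) or BUILTIN\Power Users (S-1-5-32-547) is the condition this reply describes.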
