tech_rkn Posted April 21, 2021 Share Posted April 21, 2021 Dear community, Some thoughts following CNN article about: "hackers repeatedly took advantage of several known flaws and one newly discovered vulnerability in Pulse Secure VPN, a widely used remote connectivity tool, to gain access to dozens of organizations in the defense industrial sector" I am pretty sure others vpn like wireguard and openvpn may have the same flaws. But there is another point of failure in our network. Our ISP routers. Bypassing vpn by direct access using them is possible. Even sometime easy as they have built in login as admin/admin most of the time... Yesterday, using burp, hydra and kali I gained access to a test network through the wifi as a demonstration to one of my friend, trying to show him how to hardened his Isp routers. Once done, I hit his openmediavault Gui, trying log in. Using an eset network scanner, I highlight a login failure as admin/openmediavault was still used. The only thing stoping me by the lack of time was his F2A protection. My point here, is unRAID might be in the same trouble, and don't have F2A login protection. What are your tought on this subject ? 2 1 Quote Link to comment
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.