You are hereWatchguard Fireware SSL-VPN Vulnerability discovered

Watchguard Fireware SSL-VPN Vulnerability discovered

By chri - Posted on 08 April 2008

Some days ago I analyzed the internals of the Watchguard SSL-VPN system. When you realize it uses OpenVPN you think it's quite secure. Except when you implement it completely wrong and screw it all up.

I finally freed some time today to work out a POC and indeed, my attack works like a charm. It can do even more than I expected :-)

Tomorrow I'll be at a Watchguard Seminar about new features in Fireware v10. I'll probably see my Watchguard contact and discuss this issue with him. He'll probably be able to give me more direct contacts where to send the advisory. Let's hope they will fix this asap as I consider this vulnerability as High Risk.
More info later when they fixed it...

Tags

I Love Belgium... and you?

About Me
GnuPG Public Key Still More LinkedIn profile
Photos
Projects
WeIDS 2.0 Linux Lessons WiFi Auth Project
Documentation
Acer Aspire 2012 WLMi Acer TM 4002 WLMi IR-receiver (Win)(NL)
Links
Ubuntu Belgium Planet Grep
FOSDEM Profoss hacker emblem www.cacert.org
Get OpenOffice Get Firefox Get Thunderbird
What is OpenID?