Lucene search
This script is Copyright (C) 1999-2022 Tenable Network Security, Inc.WINGATE.NASLHistoryJun 22, 1999 - 12:00 a.m.
WinGate Passwordless Default Installation
1999-06-2200:00:00
This script is Copyright (C) 1999-2022 Tenable Network Security, Inc.
www.tenable.com
16
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.7%
Wingate is a program that allows a Windows98 computer to act as a proxy.
Unfortunately, the default configuration is too permissive and allows anyone to use this computer to connect anywhere, thus hiding the real IP address.
This WinGate server does not ask for any passwords, and thus can be used by an attacker from anywhere as a telnet relay.
#
# (C) Tenable Network Security, Inc.
#
include('compat.inc');
if (description)
{
script_id(10309);
script_version("1.29");
script_set_attribute(attribute:"plugin_modification_date", value:"2022/06/01");
script_cve_id("CVE-1999-0291");
script_name(english:"WinGate Passwordless Default Installation");
script_set_attribute(attribute:"synopsis", value:
"The remote service may allow an access control breach.");
script_set_attribute(attribute:"description", value:
"Wingate is a program that allows
a Windows98 computer to act as a proxy.
Unfortunately, the default configuration is too
permissive and allows anyone to use this computer
to connect anywhere, thus hiding the real IP address.
This WinGate server does not ask for any
passwords, and thus can be used by an attacker
from anywhere as a telnet relay.");
script_set_attribute(attribute:"see_also", value:"https://www.wingate.com/");
script_set_attribute(attribute:"solution", value:
"Adjust the WinGate configuration.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_attribute(attribute:"vuln_publication_date", value:"2000/01/02");
script_set_attribute(attribute:"plugin_publication_date", value:"1999/06/22");
script_set_attribute(attribute:"plugin_type", value:"remote");
script_set_attribute(attribute:"cpe", value:"cpe:/a:qbik:wingate");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Windows");
script_copyright(english:"This script is Copyright (C) 1999-2022 Tenable Network Security, Inc.");
script_dependencies("find_service1.nasl");
script_require_keys("Settings/ThoroughTests");
script_require_ports("Services/telnet", 23);
exit(0);
}
#
# The script code starts here
#
include('global_settings.inc');
if ( ! thorough_tests ) exit(0);
port = get_kb_item("Services/telnet");
if(!port) port = 23;
if(get_port_state(port))soc = open_sock_tcp(port);
else exit(0);
if(soc)
{
buffer = recv(socket:soc, length:1);
n = strlen(buffer);
if(n == 0)exit(0);
buffer = recv(socket:soc, length:7);
if(!buffer){
close(soc);
exit(0);
}
b = string("localhost\r\n");
send(socket:soc, data:b);
r = recv(socket:soc, length:1024);
if(!r){
close(soc);
exit(0);
}
r = tolower(r);
for(i=0;i<11;i=i+1){
d = recv(socket:soc, length:1);
if(!d){
close(soc);
exit(0);
}
}
r = recv(socket:soc, length:100);
r = tolower(r);
if(("connecting to host" >< r)){
security_hole(port);
set_kb_item(name:"wingate/enabled", value:TRUE);
}
close(soc);
}
Related
cvelist
cvelist
CVE-1999-0291
2000-01-04 05:00:00
cve
cve
CVE-1999-0291
2000-01-04 05:00:00
nvd
nvd
CVE-1999-0291
1999-02-01 05:00:00
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.007 Low
EPSS
Percentile
80.7%
Related for WINGATE.NASL