Proxy+ Allows Administrative Access
Reported June 26 by
Andrew Lewis

VERSIONS EFFECTED
  • P
roxy+ 2.40

DESCRIPTION

Proxy+ configure its remote administration interface to only accept connections from "localhost". The administrative interface does not allow  connections which come through the server"s HTTP proxy, however the it does allow connections that come through the server"s Telnet proxy.

VENDOR RESPONSE

The vendor, Fortech, is aware of this matter and however no response was known at the time of this writing.

CREDITS
Discovered and reported by Andrew Lewis