Vulnerabilities

6K

Solutions

8K

Contributors

A vulnerability is a weakness which allows an attacker to reduce a system's information assurance. Vulnerability is the intersection of three elements: a system susceptibility or flaw, attacker access to the flaw, and attacker capability to exploit the flaw. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness, known as the attack surface. Vulnerability management is the cyclical practice of identifying, classifying, remediating, and mitigating vulnerabilities. Other vulnerabilities include security risks, security defects and constructs in programming languages that are difficult to use properly.


I was given a list of potential malicious sites by some intel but when I ping them, they don't resolve to any IP.

How can I tell whether they existed before and have since been taken down?

Will post them in the post below
0

Anyone know if the Spectre vulnerability can really be fixed with a software patch, given that it is a hardware problem?
0
Hi,

I'm doing a pen test remediation and they have flagged up default IIS files present on our Exchange and other servers (see wording below). I've scoured the web but can't find any conclusive guides for a safe way to do this. If I go into IIS on these servers, click on the root and then Default Document, I can see a list of files. If I remove these, will this solve the vulnerability and, more importantly, will it not break anything?

Any advice would be greatly appreciated. :)

Description
Default files have been found on the server. These may often contain dangerous script examples,
administrative interfaces, or configuration information.
The presence of default Web Server files also indicates that the Web Server hardening procedure needs
improvement, and this could indicate to an attacker that further vulnerabilities may exist due to a
weakness in server management practices.
CVSS v2 Vector (AV:N/AC:L/Au:N/C:P/I:N/A:N)

Solution
Remove the default files from the server and review server hardening procedures to ensure default files
are removed during the server build.

Information
Default IIS7 files found on 4 externally facing IP addresses
0
We are looking to set up a point to point vpn with sonicwall on our end and watchguard on the clients end. We'll be using that to set up crashplan backup on virtual machines. Two questions.
1. Is it pretty straightforward to set up the point-to-point between sonicwall and watchguard?
2. Once that is established, would we need a backup device for each VM (say we have 3) or would backing them up to one device with designated partitions work ok?
0
We would like to run a scan of our external network (covering a subnet range) to determine:

1. What ports are open (scanning all 65,535 UDP and TCP ports)

2. Whether there are any obvious vulnerabilities on any of the discovered endpoints, such as the firewall itself

Ideally a Windows-based utility with a GUI is preferred, and free or with a free trial.

Thanks
0
We have a Watchguard XTM 2 firewall device.

We have set it up successfully with a static IP address through our modem. The modem works when plugged directly into the computer with IPv4 set manually.

We have the WAN in X0 and the LAN is X2.

When we set up the device with the Trusted Interface of 192.168.0.1/24 and a DHCP range of 192.168.0.2-192.168.0.199 it works but does not get Internet. The DNS server is set and the computer has no problem getting a DHCP address.

The only thing that looks wrong is in this picture, where the gateway shows up as 0.0.0.0, but I don't see a place to change it nor do I see any settings that are wrong. Help!
20180503_110739.jpg
0
Hello all,

What is the ideal way to do patch management? How should we remediate Windows servers? Where should we start?

Regards
0
I am having an issue accessing a secure FTP web site from a network. The network uses a WatchGuard XTM 25 appliance and runs Server 2008 R2 as the network server. The workstations are all Windows 7 Pro.

The URL is https://oebsftp.ontarioenergyboard.ca. This should bring me to a login page, but instead I get the following message.

The message from IE 11 is as follows:

This page can’t be displayed


Turn on TLS 1.0, TLS 1.1, and TLS 1.2 in Advanced settings and try connecting to https://oebsftp.ontarioenergyboard.ca  again. If this error persists, it is possible that this site uses an unsupported protocol or cipher suite such as RC4 (link for the details), which is not considered secure. Please contact your site administrator.

Firefox gives the following:
Secure Connection Failed

The connection to oebsftp.ontarioenergyboard.ca was interrupted while the page was loading.

    The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
    Please contact the website owners to inform them of this problem.
Often the Ontario energy board upload sites are designed for IE only.

I do not see anything in the Watchguard appliance but may be overlooking something.

The server uses SEP 14.0 for both anti-virus and firewall.

As a separate issue, email using Outlook 2013 cannot use SSL either.
0
Our ISP has given us a block of IP addresses and a gateway on a different subnet. We must use PPPoE to connect. We want to use these addresses on a WatchGuard XTM box running Fireware 12.1.1.

We have set the PPPoE connection to use the gateway IP address, and added the 5 main IP addresses as secondary ones on the external interface. These can be thought of as follows (not the actual IP addresses):

Gateway : 80.80.79.79
Assigned IP Range 80.80.80.1/29

When trying to configure a BOVPN, we would like our IP address to show as 80.80.80.1 but it always appears as 80.80.79.79.

We've modified the other firewall policies such as HTTPS client to use one of the IP addresses in the block and this works fine, just not the BOVPN one. Can someone direct me to where I should specify the IP address for the BOVPN?

Thanks.
0
Hi, I have a really odd problem with a WatchGuard XTM25-W firewall. It has the latest Fireware on it and I've reset it and run the setup wizard from scratch on it. I have a Draytek VDSL modem plugged into Port 0 and have set up PPPoE authentication on the WatchGuard, and the WatchGuard connects to the internet. I have successfully downloaded the Live Security feature key and it's valid for 2 more months.

The problem I have is that if I plug a laptop directly into Port 1 on the WatchGuard and set up a static IP, the laptop can see the internet. However, if I plug Port 1 into an established 48-port switch, nobody on the switch can see the WatchGuard, and in fact the Port 1 light on the WatchGuard doesn't even light up (it lights up if you plug the laptop into it).

As far as I am aware, when you reset a WatchGuard and run the setup wizard it sets up enough default settings to get you a basic internet connection, but I'm wondering if there is now some additional configuration needed to allow the internet connection to be shared.

A bit of further background: the WatchGuard is replacing an existing Draytek VDSL router which was the original default gateway, so I have set up the WatchGuard with the same IP address as the Draytek router (and of course unplugged the Draytek).

Would really appreciate some suggestions on this.

Many thanks
0

Good day-
I'm attempting to forward inbound requests on port 80 to internal port 16000 for viewing of a DVR camera system. Can someone guide me through Policy Manager? I'm not understanding the KB from WatchGuard.

Best,
Craig
0
Hello,
I need to bypass an XSS check which is using stripos to prevent using script tags by detecting the word "script":
<?php
// Returns false (reject the input) when "script" appears anywhere in $a,
// case-insensitively; returns true (accept) otherwise.
function passes_script_check($a) {
    if (stripos($a, 'script') !== false) return false;
    return true;
}
?>

The web server also has a CSP policy (default-src none; script-src: nonce-key) and requires a nonce parameter within the script tag.
Thank you for your help.
0
https://blog.trendmicro.com/trendlabs-security-intelligence/autoit-used-to-spread-malware-and-toolsets/

Users are requesting AutoIT to automate their tasks (mouse clicks, repetitive keystrokes etc.),
but I have concerns like those listed in the link above.

What are the mitigations we can put in place to balance between work productivity & IT security risks?

Are the following valid mitigations?

1. Air-gap those PCs running AutoIT, namely remove Internet access & email access, as these two are
    top vectors of malware. Users told me they don't need these 2 functions on the PCs running
    AutoIT, but the AutoIT programmer wants them on his PC as he doesn't want to switch around
    between PCs when developing AutoIT scripts & using email/Internet.

2. I heard we can compile the scripts & then uninstall AutoIT, so if a hacker got into the PC, he
    can't develop keyloggers/malicious scripts (that capture credentials). The programmer felt
    this is restrictive, but as a workaround I heard we can create a config file for scripts to read in
    parameters/variables to give more flexibility or options for the scripts to operate: is this
    so? Is this a good mitigation?

Please add any further mitigations.

I've heard of VB & Java scripts being risks: are they of a similar nature to the risks of AutoIT?
0
Regarding CVE-2018-0151 and apologies if this seems like a newb question but....

Is it still advisable to disable UDP port 18999 if you're not using the Adaptive QoS for Dynamic Multipoint VPN (DMVPN) feature? Or should we only be concerned with this if the feature set is enabled and in use? Our network engineers are clamoring over the fact that they would have to disable the port on over 600 devices in order to address this, given we're not utilizing the feature.

Thanks in advance
0
We have a WatchGuard M300. We currently have an internet connection that is too small for our needs. Our issue is the upload speed is capped at 20Mbps. With the M300 can we add a second internet connection and have our internet traffic divided evenly between these two connections?
0
Our network guys, as well as the vendor who supports our Cisco gear, insisted that there's no patch available for
the 2960 and 37xx models for CVE-2018-0171.

I showed them the extract from the link below but they still insisted it's only 'no vstack' that is needed &
there's no patch:
  https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20180328-smi2
"Cisco has released free software updates that address the vulnerability described in this advisory. Customers may only install and expect support for software versions and feature sets for which they have purchased a license."

Can anyone verify this &, if there is a patch, help download it to a Dropbox or somewhere for me to get it from there, as we don't have TAC.
0
I have discovered by using vulnerability test software that 2 Windows 2008 servers seem to be vulnerable to ROBOT attacks (Return of Bleichenbacher's Oracle Threat). I've been reading several articles with no answers. Is there a Microsoft patch that fixes this (Windows Update), or is there a proper way to disable the RSA ciphers? There seems to be a lot of info out there but nothing related to fixing the issue on a Windows 2008 R2 server.

Can anyone point me in the right direction?
0
I have an AIX 6.1.00 TL9 system. Is it necessary to install the fix for sendmail CVE-2014-3956?

Does the problem only exist if I go out to the internet?
0
I have a client with a SonicWall TZ 205, and we are running into an issue with PCI compliance scans.
Right now we are struggling to resolve a failure with "SSL Certificate - Signature Verification Failed Vulnerability".

Sonic support is clueless - does anyone here have a thought? Thanks in advance!
0

Audit wanted me to simulate a High severity event, of which we have only a few, such as a
successful brute force, a true DDoS (not sure what the bandwidth would be) & compromised
network/firewall devices that lead to an operations outage.

This is to see if the SOC responds within SLA (from the Splunk alert, which currently
covers Prod servers/devices) & how fast we mitigate it.

I think the easiest is to
a) install a brute force password cracker
b) create a local account not subject to GPO (e.g. the password doesn't get locked
    despite the number of failed attempts, with a simple password) on a non-
    critical Prod server

Any freeware tool on Windows that does brute force for Windows that anyone
can recommend? SIPVicious, or is there a free L0phtCrack?
0
We have several locations. Each location has several DNS servers, all replicating to each other. In DNS we have several Conditional Forwarders. At all locations except one I can ping and RDP into any of the servers in the Conditional Forwarders list. However in one of the locations I am unable to ping to any of the Conditional Forwarder IPs. All locations are connected using a Watchguard firewall using a VPN. When I do a tracert from the location that is unable to get to any of the Conditional Forwarder locations, it goes to the local DNS server, then out to local ISP DNS server. I have been reading and searching for articles that might help however I am unable to find a solution.
0
Dear EE,

I have two vulnerabilities.


1:- Microsoft Office Dynamic Data Exchange (DDE) Vulnerability (KB 4053440) (ADV170021)

2:- Microsoft Office and Microsoft Office Services and Web Apps Security Update January 2018


My client has reported the DDE vulnerability in their production environment, which has Microsoft Office Professional Plus 2010 64-bit.

Can you please help me with how I can make / configure the DDE vulnerability in my local environment with the same Microsoft Office Professional Plus 2010 64-bit,

so that I can then FIX it and share the steps with my client?

After fixing the first one we will move to the 2nd one.

Thanks
03-Apr-18-12-41-00-PM.jpg
0
Hi Experts!

Hope everyone is well?

All of a sudden, when we make changes to a Custom Profile on AlienVault OSSIM and try to update it, it fails for all sensors.

Database updates correctly and shows a green tick.
One sensor fails with a red cross.
All the rest just pulse (3 black lines) but never do anything else.

Checked the Sensors and all have network connectivity. I can Telnet to each box on port 9330.

All certificates seem to be ok.

Would anybody be able to point me in the right direction to try and help me diagnose and resolve this?

Cheers
SJG
0
How do I get rid of the adware "Drivers Agent"? I have tried all of the basic solutions on the internet.
0