WinGate Passwordless Default Installation

high Nessus Plugin ID 10309

Synopsis

The remote service may allow an access control breach.

Description

Wingate is a program that allows a Windows98 computer to act as a proxy.
Unfortunately, the default configuration is too permissive and allows anyone to use this computer to connect anywhere, thus hiding the real IP address.

This WinGate server does not ask for any passwords, and thus can be used by an attacker from anywhere as a telnet relay.

Solution

Adjust the WinGate configuration.

See Also

https://www.wingate.com/

Plugin Details

Severity: High

ID: 10309

File Name: wingate.nasl

Version: 1.29

Type: remote

Agent: windows

Family: Windows

Published: 6/22/1999

Updated: 6/1/2022

Configuration: Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:qbik:wingate

Required KB Items: Settings/ThoroughTests

Vulnerability Publication Date: 1/2/2000

Reference Information

CVE: CVE-1999-0291