WinGate Passwordless Default Installation

High Nessus Plugin ID 10309


The remote service may allow an access control breach.


Wingate is a program that allows a Windows98 computer to act as a proxy.
Unfortunately, the default configuration is too permissive and allows anyone to use this computer to connect anywhere, thus hiding the real IP address.

This WinGate server does not ask for any passwords, and thus can be used by an attacker from anywhere as a telnet relay.


Adjust the WinGate configuration.

See Also

Plugin Details

Severity: High

ID: 10309

File Name: wingate.nasl

Version: $Revision: 1.26 $

Type: remote

Agent: windows

Family: Windows

Published: 1999/06/22

Modified: 2016/11/29

Dependencies: 17975

Risk Information

Risk Factor: High


Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:qbik:wingate

Required KB Items: Settings/ThoroughTests

Vulnerability Publication Date: 2000/01/02

Reference Information

CVE: CVE-1999-0291

OSVDB: 245