Synopsis
The remote host passes information across the network in an insecure manner.
Description
The remote Cisco server is acting as a PPTP VPN server and has web administration enabled over unencrypted HTTP. The VPN Concentrator handles user accounts and other confidential data, so an attacker able to sniff the network could gather confidential data that would be useful in future attacks.
Solution
Use Access Control Lists (ACLs) to block access from untrusted machines. In addition, force the web administration traffic over an SSL connection.