Cisco VPN Concentrator Administrative Interface Detection
Low Nessus Network Monitor Plugin ID 3913
Synopsis: The remote host passes information across the network in an insecure manner.
Description: The remote Cisco server is acting as a PPTP VPN server. Further, the server has enabled web administration over unencrypted HTTP. The VPN Concentrator handles user accounts and other confidential data. An attacker with the ability to sniff the network would be able to gather confidential data that would be useful in future attacks.
Solution: Use Access Control Lists (ACLs) to block access from untrusted machines. In addition, force the communication over an SSL connection.