
A vulnerability found in ZoneAlarm

by kobbra on November 9th, 2001

A vulnerability exists in ZoneAlarm, a popular firewall for Windows home users, which could allow an unauthorized user to connect to a host with local intranet security settings. The following was tested with the latest version of ZoneAlarm Pro: 2.6.357.





Similar to Internet Explorer, ZoneAlarm Pro (ZAP) has separate security settings for Local and Internet. However, in certain cases ZAP classifies connections as Local when they really aren't. All connections from addresses that share the first two octets of your IP (e.g. your IP is 123.123.123.123 -> 123.123.*.*) are also considered Local.





That means everyone with the same first two octets as your IP can connect to your computer under the Local-level security settings instead of the Internet-level security settings. With default settings this exposes your computer and all its ports, and allows access to Windows services and shares.
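The gap between the rule described above and a subnet-based check can be measured directly. This is an added example, not ZoneAlarm's code: the function names are hypothetical, and the netmask 255.255.255.0 and the peer addresses are constructed for illustration.

```python
import ipaddress


def zone_by_first_two_octets(host_ip, peer_ip):
    """Rule as the article describes it: same first two octets -> Local."""
    same = host_ip.split(".")[:2] == peer_ip.split(".")[:2]
    return "Local" if same else "Internet"


def zone_by_subnet(host_ip, netmask, peer_ip):
    """Stricter rule: Local only if the peer is inside the host's own subnet."""
    network = ipaddress.ip_interface(f"{host_ip}/{netmask}").network
    return "Local" if ipaddress.ip_address(peer_ip) in network else "Internet"


def misclassified(host_ip, netmask, peers):
    """Peers the octet rule trusts as Local although they are off-subnet."""
    return [
        p for p in peers
        if zone_by_first_two_octets(host_ip, p) == "Local"
        and zone_by_subnet(host_ip, netmask, p) == "Internet"
    ]


def overexposure(host_ip, netmask):
    """Count of addresses given Local treatment beyond the real subnet."""
    wide = ipaddress.ip_network(f"{host_ip}/16", strict=False)
    real = ipaddress.ip_interface(f"{host_ip}/{netmask}").network
    # If the real subnet is /16 or wider, the octet rule adds nothing.
    return max(0, wide.num_addresses - real.num_addresses)


# Constructed sample: the article's example IP with an assumed /24 netmask.
HOST = "123.123.123.123"
MASK = "255.255.255.0"
PEERS = ["123.123.123.50", "123.123.7.9", "123.124.1.1"]

if __name__ == "__main__":
    for peer in PEERS:
        print(peer,
              zone_by_first_two_octets(HOST, peer),
              zone_by_subnet(HOST, MASK, peer))
    print("off-subnet peers treated as Local:", misclassified(HOST, MASK, PEERS))
    print("extra addresses trusted:", overexposure(HOST, MASK))
```

When auditing a host, compare the addresses the firewall lists in its Local zone against the interface's configured netmask and remove any range wider than the real subnet.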










