RE: NetMeeting and H.323

From: Sanjiv K Agarwala (s.agarwala@usa-tcs.com)
Date: Wed Feb 19 2003 - 17:41:50 EST


NetMeeting operates erratically with security enabled. At times, it does
not recognize that security has been activated, while other times it
instantly asks for a certificate password.

Although at NetMeeting startup users are asked to identify themselves to
the
Application, there is no authentication to verify that they are who they
say they are. This permits users to take on someone's identity and act
maliciously.
Each call participant must have security turned on to be able to
participate in a secure call, but there is no way to tell if the
participants are fully authenticated or not.

Passwords on RDS(remote desktop sharing) are case sensitive, but there
are no other password restrictions or requirements. Calls for brute
force attacks!!!

You have already talked about the FW issues, which is true.

Best way to overcome NetMeeting or H.323 problems is through VPN
solutions.

--Sanjiv
-----Original Message-----
From: Jeremy Junginger [mailto:jj@act.com]
Sent: Tuesday, February 18, 2003 2:14 PM
To: pen-test
Subject: NetMeeting and H.323

Hey guys,

I know I'm asking for it by putting this before the group, but that's
kind of my intent. Could anyone in here let me know why H.323, and more
specifically, netmeeting is a bad idea*?

*(Aside from the obvious fact that you have to blow a udp hole from 1024
to 65535 in your firewall in order to accommodate it...heheh...)

I would really like to get input from the security professionals on this
list.

Thank you, and have a great day!

-Jeremy

------------------------------------------------------------------------

----
Do you know the base address of the Global Offset Table (GOT) on a
Solaris 8
box?
CORE IMPACT does.
www.securityfocus.com/core
----------------------------------------------------------------------------
Do you know the base address of the Global Offset Table (GOT) on a Solaris 8
box?
CORE IMPACT does.
http://www.securityfocus.com/core


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:28 EDT