XG Firewall

Discussions How was the SQL injection done? We blocked off admin login

Thread Info

State Verified Answer
+2 person also asked this people also asked this
Locked Locked
Replies 60 replies
Answers 2 answers
Subscribers 25 subscribers
Views 57326 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How was the SQL injection done? We blocked off admin login

Hayden Kirk 10 months ago

We have the admin login only allowing logins from our HQ (IP limited). Yet, they have all been compromised?

This thread was automatically locked due to age.

Parents

0 AlexRomp 10 months ago

Both the admin and USER portals were vulnerable. Either one would be able to be used to exfiltrate the LOCAL accounts (not AD/LDAP) including users and admins.
Cancel
Up 0 Down

Cancel
0 Hayden Kirk 10 months ago in reply to AlexRomp

right. so we need to reset all local vpn users? god damm.
Cancel
Up 0 Down

Cancel
0 AlexRomp 10 months ago in reply to Hayden Kirk

Yep. Most of ours were AD auth, but we had a few that used local accounts. We reset them anyway even though the users also used MFA.
Cancel
Up 0 Down

Cancel

Reply

0 AlexRomp 10 months ago in reply to Hayden Kirk

Yep. Most of ours were AD auth, but we had a few that used local accounts. We reset them anyway even though the users also used MFA.
Cancel
Up 0 Down

Cancel

Children

No Data