XG Firewall

Discussions How was the SQL injection done? We blocked off admin login

Thread Info

State Verified Answer
+2 person also asked this people also asked this
Locked Locked
Replies 60 replies
Answers 2 answers
Subscribers 23 subscribers
Views 51637 views
Users 0 members are here

Options

Suggested

This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How was the SQL injection done? We blocked off admin login

Hayden Kirk 5 months ago

We have the admin login only allowing logins from our HQ (IP limited). Yet, they have all been compromised?

This thread was automatically locked due to age.

Parents

0 AlexRomp 5 months ago

Both the admin and USER portals were vulnerable. Either one would be able to be used to exfiltrate the LOCAL accounts (not AD/LDAP) including users and admins.
Cancel
Up 0 Down

Cancel
0 Hayden Kirk 5 months ago in reply to AlexRomp

right. so we need to reset all local vpn users? god damm.
Cancel
Up 0 Down

Cancel
0 AlexRomp 5 months ago in reply to Hayden Kirk

Yep. Most of ours were AD auth, but we had a few that used local accounts. We reset them anyway even though the users also used MFA.
Cancel
Up 0 Down

Cancel

Reply

0 AlexRomp 5 months ago in reply to Hayden Kirk

Yep. Most of ours were AD auth, but we had a few that used local accounts. We reset them anyway even though the users also used MFA.
Cancel
Up 0 Down

Cancel

Children

No Data