marcocheng_5768 (Nimbostratus), Jun 29, 2011
Firepass Application Tunnel in a shared Terminal Server Environment
Hi All,
Recently I tested using the Firepass application tunnel with users logged in to a Windows Terminal Server. I found that when the application tunnel is established, TunnelServer.exe listens on a local loopback address (127.x.x.x) for each individual application tunnel. The address is random.
At the same time, I found that an "Unauthenticated" user who is logged in to the same Terminal Server can gain access to the application tunnel without ANY authentication process, just by connecting to the loopback address created.
It seems the design of the application tunnel has this security loophole when used in a shared terminal server environment. I am trying to figure out how to deal with this situation. Any suggestions?
Thanks a lot.
- Mike_61719 (Cirrus): Let me ask a few questions.
- marcocheng_5768 (Nimbostratus): Hi Mike,
- Mike_61719 (Cirrus): Create a ticket with support. I doubt they thought of this type of access on a Terminal Server. I can't figure out a way to limit access :(
- marcocheng_5768 (Nimbostratus): Thanks Mike, one workaround that I can figure out now is to restrict the access rights of users on the Terminal Server to prevent them from discovering the local ports opened.
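
An audit for the exposure discussed in this thread, added here as an example and not code from any poster or from F5: it lists established connections to TunnelServer.exe loopback listeners whose client process runs under a different account than the tunnel owner. It assumes an elevated prompt, a Windows version that provides `Get-NetTCPConnection`, and that the process name is `TunnelServer`, taken from the first post.

```powershell
# Added example. Run elevated: Get-Process -IncludeUserName requires administrator rights.
# Assumption: the tunnel process appears as "TunnelServer" (TunnelServer.exe, as named in the post).
$TunnelProcessName = 'TunnelServer'

# Index every process by PID so each connection can be mapped to a user and session.
$procById = @{}
Get-Process -IncludeUserName | ForEach-Object { $procById[[int]$_.Id] = $_ }

# One snapshot of the TCP table, reused for listeners and clients.
$tcp = Get-NetTCPConnection

# Loopback listeners (127.x.x.x) owned by the tunnel process.
$listeners = $tcp | Where-Object {
    $_.State -eq 'Listen' -and
    $_.LocalAddress -like '127.*' -and
    $procById[[int]$_.OwningProcess].ProcessName -eq $TunnelProcessName
}

$findings = foreach ($l in $listeners) {
    $owner = $procById[[int]$l.OwningProcess]
    # Client side of a loopback connection: its remote endpoint is the listener.
    $tcp | Where-Object {
        $_.State -eq 'Established' -and
        $_.RemoteAddress -eq $l.LocalAddress -and
        $_.RemotePort -eq $l.LocalPort
    } | ForEach-Object {
        $client = $procById[[int]$_.OwningProcess]
        # Report only clients running as a different account than the tunnel owner.
        if ($client -and $client.UserName -ne $owner.UserName) {
            [pscustomobject]@{
                Listener      = "$($l.LocalAddress):$($l.LocalPort)"
                TunnelOwner   = $owner.UserName
                OwnerSession  = $owner.SessionId
                ClientProcess = $client.ProcessName
                ClientUser    = $client.UserName
                ClientSession = $client.SessionId
            }
        }
    }
}

$findings | Format-Table -AutoSize
```

The result is a point-in-time snapshot, so short-lived connections can be missed; running it on a schedule and logging the rows gives better coverage.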