The West Wind Web Connection Administration page is a powerful page that is the gateway to administration of the West Wind Web Connection server that is executing. But you know the saying:
With great power, comes great responsibility!
And that’s most definitely true for the Admin page.
The Admin page has a very important role, but it’s crucially important that this page is completely locked down and not accessible by non-authenticated users.
Read more at:
https://west-wind.com/wconnect/weblog/ShowEntry.blog?id=936
Resources
I want to also thank Ken Pyle for bringing this issue to my renewed attention and providing the motivation for updating the default implementation to reject unauthenticated access from remote sources by default.
Ken Pyle
DFDR Consulting LLC
Digital Forensics, Incident Response, Cyber Security
www.dfdrconsulting.com