T 5.92 Use of the VPN client as a VPN server

The software installed on VPN clients to dial in to a remote access VPN often allows the client to act as a VPN server and accept incoming connections as well. In this case, there is a fundamental risk that unauthorised persons will attempt to connect to the VPN client and access the LAN through it.

If an attacker is able to overcome the VPN authentication mechanism, he will also be able to access the data on the VPN client. For example, an attacker could log in to the client without authorisation by successfully trying out or guessing passwords, or through password-protected user accounts or guest accounts with default passwords on the client. Depending on the type of connection between the VPN client and the LAN of the company or government agency, the attacker may also be able to access internal resources.