Juniper SSL VPN PenTest

[Offsecguy]

Hello Friends,

I am testing Juniper SSL VPN IVE, i could not find open vulnerabilities and testing methods to test SSL VPN.

I was able to find test url and admin url as per below link, however target application is not using two factor authentication to demonstrate two factor authentication bypass

http://carnal0wnage.attackresearch.com/2013/05/funky-juniper-urls.html

And there is a Client side attack, we are not testing client side as per engagement.

http://www.rapid7.com/db/modules/exploit/windows/browser/juniper_sslvpn_ive_setupdll

I request your valuable suggestions from your experience to help further testing.