The remote proxy server in Winroute allows a remote attacker to reconfigure the proxy without authentication through the "cancel" button.