SecurityTracker.com
Category:   Application (VPN)  >   FireWall-1/VPN-1
Vendors:   Check Point
Check Point FireWall-1 SecuRemote VPN System Discloses Information About Valid Usernames
SecurityTracker Alert ID:  1002623
SecurityTracker URL:  http://securitytracker.com/id/1002623
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Oct 23 2001
Impact:   Disclosure of system information
Exploit Included:  Yes  
Version(s): tested on 4.1 SP4 (4185) VPN+Strong for Windows 2000, 4.1 SP4 (4185) VPN+Strong for Windows NT
Description:   A vulnerability was reported in Check Point FireWall-1's SecuRemote VPN software. A remote user can determine if a username is valid or not.

It is reported that when a remote user attempts to authenticate via the VPN-1 SecuRemote Authentication dialog box, the response to a failed login indirectly indicates whether the username or the password was incorrect, because the two cases produce different responses.

It is reported that if the username is valid and the password is incorrect, SecuRemote will return a dialog box with the message "Access denied by FireWall-1 authentication". If the username is invalid, SecuRemote will apparently return a dialog box with the message "User <unknown_user> not found".

The vendor has reportedly been notified.
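
The behaviour described above, modelled as an added Python example (not Check Point code and not part of the original advisory): a handler that mirrors the two quoted failure messages, a handler that answers every failure identically, and a regression check that flags the difference. The user store, function names and the generic "Access denied" text are assumptions made for illustration.

```python
import hashlib
import hmac
import os

def _hash(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

def make_store(users: dict) -> dict:
    """Build username -> (salt, hash) records."""
    store = {}
    for name, pw in users.items():
        salt = os.urandom(16)
        store[name] = (salt, _hash(pw, salt))
    return store

# Constructed sample accounts, not taken from the advisory.
USERS = make_store({"alice": "correct horse", "bob": "battery staple"})

# Dummy record so an unknown username costs the same hashing work as a known one.
_DUMMY_SALT = os.urandom(16)
_DUMMY_HASH = _hash("placeholder", _DUMMY_SALT)

def login_leaky(user: str, password: str) -> str:
    """Mirrors the two failure messages quoted in the advisory."""
    if user not in USERS:
        return f"User {user} not found"
    salt, stored = USERS[user]
    if not hmac.compare_digest(_hash(password, salt), stored):
        return "Access denied by FireWall-1 authentication"
    return "OK"

def login_uniform(user: str, password: str) -> str:
    """Same failure text and same hashing work whether or not the user exists."""
    salt, stored = USERS.get(user, (_DUMMY_SALT, _DUMMY_HASH))
    ok = hmac.compare_digest(_hash(password, salt), stored)
    if ok and user in USERS:  # a match against the dummy record never succeeds
        return "OK"
    return "Access denied"

def leaks_usernames(login, known_user: str, unknown_user: str) -> bool:
    """Regression check: do failed logins differ for a real vs. an unknown account?"""
    bad = "wrong-" + os.urandom(8).hex()
    a = login(known_user, bad).replace(known_user, "<user>")
    b = login(unknown_user, bad).replace(unknown_user, "<user>")
    return a != b

if __name__ == "__main__":
    print("leaky handler leaks:", leaks_usernames(login_leaky, "alice", "no-such-user"))
    print("uniform handler leaks:", leaks_usernames(login_uniform, "alice", "no-such-user"))
```

A check like `leaks_usernames` fits in an authentication test suite; it compares only response text, so response timing needs a separate measurement.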

Impact:   A remote user can determine if a username is valid or invalid.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.checkpoint.com/techsupport/alerts/
Cause:   Authentication error
Underlying OS:  Linux (Any), UNIX (AIX), UNIX (HP/UX), UNIX (Solaris - SunOS), Windows (NT), Windows (2000)

Message History:   None.


 Source Message Contents

Subject:  Check Point VPN-1 SecuRemote Flaw


Summary:
	SecuRemote will show whether a username is recognized during failed
login attempts

Versions Tested:
	4.1 SP4 (4185) VPN+Strong for Windows 2000
	4.1 SP4 (4185) VPN+Strong for Windows NT

Description:
	During an authentication attempt in the VPN-1 SecuRemote
Authentication dialog box, a failed login due to an incorrect username or
password will result in different responses, depending on the nature of the
failure. If the username is valid and the password is incorrect, SecuRemote
will return a dialog box with the message "Access denied by FireWall-1
authentication". However, if the username is invalid, SecuRemote will return
a dialog box with the message "User <unknown_user> not found". While this is
not a security hole per se, it does allow someone to determine valid
firewall usernames (given enough patience).

Workaround:
	Unknown

Vendor Status:
	Check Point was notified on October 16, 2001



David B. Kratter
Mimeo.com, Inc.
Quality Assurance Technical Engineer

Mimeo.com. Click.Print.Bind.Deliver.sm

 
 

