During an authentication attempt in the VPN-1 SecuRemote Authentication dialog box, a failed login due to an incorrect username or password will result in different responses, depending on the nature of the failure. If the username is valid and the password is incorrect, SecuRemote will return a dialog box with the message "Access denied by FireWall-1 authentication". However, if the username is invalid, SecuRemote will return a dialog box with the message "User <unknown_user> not found". While this is not an actual security hole, it does allow someone to determine valid firewall usernames using brute-force techniques.
Credit:
The information has been provided by Kratter, Dave.
Vulnerable systems:
4.1 SP4 (4185) VPN+Strong for Windows 2000
4.1 SP4 (4185) VPN+Strong for Windows NT
Vendor status:
Check Point was notified on October 16, 2001.
Workaround:
One workaround is to define a user in your firewall called 'generic*', which will match any username. You need to make sure that the user cannot authenticate or is not specified as the source on any authentication rules, but with this user defined the firewall will report every username as valid.
A slightly more worrying problem with SecuRemote is that it will also identify which authentication method the user has. If you just specify a username without a password, SecuRemote will re-display the authentication window with a different password prompt, such as 'FireWall-1 Password:' or 'PASSCODE:'.
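The following is an added example, not Check Point code and not part of the advisory: it models the two leaks described above (distinct failure messages and a scheme-specific prompt) beside a handler that answers every name identically, which is the effect the 'generic*' workaround aims for. The user store, the function names and the generic 'Password:' prompt are assumptions; only the two failure messages come from the page.

```python
import hashlib, hmac, os

def _hash(password, salt):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)

# Constructed user store (hypothetical): username -> (prompt, salt, hash)
_SALT = os.urandom(16)
USERS = {"alice": ("FireWall-1 Password:", _SALT, _hash("correct horse", _SALT))}
# Stand-in record for unknown names, playing the role of the page's
# 'generic*' catch-all user: it matches anything and can never authenticate.
_DUMMY = ("Password:", os.urandom(16), os.urandom(32))
DENIED = "Access denied by FireWall-1 authentication"

def login_leaky(username, password):
    """Behaviour described in the advisory: two distinguishable failures."""
    if username not in USERS:
        return f"User {username} not found"
    _, salt, stored = USERS[username]
    return "OK" if hmac.compare_digest(_hash(password, salt), stored) else DENIED

def prompt_leaky(username):
    """The prompt reveals the account's scheme and, by omission, its existence."""
    return USERS[username][0] if username in USERS else None

def login_uniform(username, password):
    """One failure message, same hashing work whether or not the user exists."""
    known = username in USERS
    _, salt, stored = USERS.get(username, _DUMMY)
    match = hmac.compare_digest(_hash(password, salt), stored)
    return "OK" if (known and match) else DENIED

def prompt_uniform(username):
    """Same generic prompt for every name (assumed design choice)."""
    return "Password:"

def distinguishable(login, prompt, valid, invalid, wrong_pw="x"):
    """True if a client can tell a valid name from an invalid one."""
    return (login(valid, wrong_pw) != login(invalid, wrong_pw)
            or prompt(valid) != prompt(invalid))
```

`distinguishable` can serve as a regression check: it should return False for any login front end that is meant to hide which usernames exist.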
Subject: How can I make SecuRemote VPN-1 Connection dialogue remember my password
Date: 4 Aug. 2006
From: shawnTheUnixMasters.com
How can I make SecuRemote VPN-1 Connection dialogue remember my password, so that I would not have to type it in every time?