[22970] in bugtraq
RE: Check Point VPN-1 SecuRemote Flaw
daemon@ATHENA.MIT.EDU (Gordon, Paul)
Wed Oct 24 00:22:56 2001
Message-ID: <97C9BEF9B535B342B75DC7054495A64A4B0F62@excsgsg102.asia.unity>
From: "Gordon, Paul" <Paul.Gordon@getronics.com>
To: "'bugtraq@securityfocus.com'" <bugtraq@securityfocus.com>
Date: Wed, 24 Oct 2001 11:26:25 +0900
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
This has been a long-standing problem with SecuRemote. However, Checkpoint
claims to have fixed the problem in VPN-1 Next Generation. Now a generic
error message is received regardless of whether the username or password is
incorrect (although I've not personally verified this).
---------------------------------------------------------
Paul Gordon Getronics Solutions (S) PTE LTD
Security Consultant 1 International Business Park
The Synergy
Ph: +65 890 2828 #02-14/15
Fax: +65 890 2888 Singapore 609917
Email: paul.gordon@getronics.com
---------------------------------------------------------
-----Original Message-----
From: Kratter, Dave [mailto:dave@mimeo.com]
Sent: Wednesday, 24 October 2001 5:07
To: 'bugtraq@securityfocus.com'
Subject: Check Point VPN-1 SecuRemote Flaw
Summary:
SecuRemote will show whether a username is recognized during failed
login attempts
Versions Tested:
4.1 SP4 (4185) VPN+Strong for Windows 2000
4.1 SP4 (4185) VPN+Strong for Windows NT
<snip>
