[8028] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

Re: Firewall-1 3.0b Session Agent

daemon@ATHENA.MIT.EDU (Brooke Paul)
Fri Sep 25 17:07:46 1998

Date: 	Fri, 25 Sep 1998 12:40:33 -0700
Reply-To: Brooke Paul <brooke@BPAUL.COM>
From: Brooke Paul <brooke@BPAUL.COM>
To: BUGTRAQ@NETSPACE.ORG

> -----Original Message-----
> From: Larry Pingree [SMTP:larryp@secure-it.net]
>
> A problem exists in the Firewall-1 3.0b Session Agent
>
> All communications from the Firewall-1 Module to the session agent are
> non-encrypted. Thus also allowing these communication to be snooped for
> usernames and passwords.

  I think it's worth noting that Checkpoint states that the included
Session Agent is a 'demo' and not officially supported.  The real problem
is the protocol they have defined.  Even if you attempt to write a secure
version it wouldn't interoperate with the firewall.

        Brooke


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[8028] in bugtraq

Re: Firewall-1 3.0b Session Agent

daemon@ATHENA.MIT.EDU (Brooke Paul)Fri Sep 25 17:07:46 1998

daemon@ATHENA.MIT.EDU (Brooke Paul)
Fri Sep 25 17:07:46 1998