Fwd: Firewall-1 3.0b Session Agent
Aaron Goldblatt (aglists goldblatt.net)
Fri, 25 Sep 1998 14:08:20 -0500
This appeared on BugTraq today and I'm curious to note its validity. I've
stripped the attached file.
Thanks.
Aaron Goldblatt
IBM CSE - eNetwork Firewall for AIX and NT
Trantor Technologies
817-314-0076
>From: Larry Pingree <larryp SECURE-IT.NET>
>Subject: Firewall-1 3.0b Session Agent
>To: BUGTRAQ NETSPACE.ORG
>
>A problem exists in the Firewall-1 3.0b Session Agent.
>
>All communications from the Firewall-1 Module to the session agent are
>non-encrypted. Thus also allowing these communications to be snooped for
>usernames and passwords.
>
>Along the same line, this allows any user to sniff the Firewall Module to
>Session Agent communications and replicate the data that is sent to the
>Session Agents listening port, thus prompting the user for usernames and
>passwords. Also, these communications can be easily replicated in a perl5
>script that I have seen that actually connects to the Session agent and
>prompts the user to add the firewall and then will ask the user for a
>username and password.
>
>Solution: None at this time. Checkpoint will need to issue a patch.
>
>
>Another "Security Risk" with the Session agent is that when a connection is
>made to the Session agent, the Session agent prompts the user to add the new
>Firewall Module to the Allowed list. The prompt does not display the
>requesting Firewall's location or IP address and does not issue any warnings
>to the client to verify the requesting Firewall's identity.
>
>Solution: None at this time. Checkpoint will need to issue a patch
>
>---------------------------------------------------------
>Larry Pingree, Senior Security Consultant
>Secure-IT, Inc
>E-mail: larryp secure-it.net
>Phone: 619-272-0284
>http://www.secure-it.net/
>
> publishers of
> SecureVIEW
>Firewall-1 Reporting Software
>--------------------------------------------------------------------------
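
The two gaps reported above (a prompt that can be triggered by replaying sniffed traffic, and a prompt that never names the requesting firewall) can be illustrated with an agent-side check. This is an added example, not part of the original post and not Check Point's protocol or code. The allow list, the shared key, the addresses and every function name are assumptions made up for the illustration, and it does not address the cleartext password issue, which needs an encrypted channel.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: approved firewall modules and a per-module shared key.
ALLOWED_MODULES = {"192.0.2.10": b"constructed-shared-secret"}


def new_challenge() -> bytes:
    """Fresh random nonce the agent sends to whoever connects."""
    return secrets.token_bytes(16)


def module_proof(key: bytes, nonce: bytes, peer_ip: str) -> bytes:
    """What a genuine module returns: HMAC over the agent's nonce and its own address."""
    return hmac.new(key, nonce + peer_ip.encode(), hashlib.sha256).digest()


def handle_auth_request(peer_ip, nonce, proof, allowed=ALLOWED_MODULES):
    """Decide whether the agent may show a credential prompt.

    Returns (show_prompt, text). The text always names the requesting
    address, so the user sees who is asking even when the request is refused.
    """
    key = allowed.get(peer_ip)
    if key is None:
        # Unknown requester: never auto-add it and never ask for a password.
        return False, (f"Refused: {peer_ip} is not an approved firewall module. "
                       "Verify the address with your administrator before adding it.")
    expected = module_proof(key, nonce, peer_ip)
    if not hmac.compare_digest(expected, proof):
        # A replayed or forged request fails here because the nonce is fresh
        # for every connection and the key never crosses the wire.
        return False, f"Refused: request claiming to come from {peer_ip} failed authentication."
    return True, f"Firewall module {peer_ip} (verified) requests your username and password."


if __name__ == "__main__":
    nonce = new_challenge()
    good = module_proof(ALLOWED_MODULES["192.0.2.10"], nonce, "192.0.2.10")
    print(handle_auth_request("192.0.2.10", nonce, good))             # genuine module
    print(handle_auth_request("198.51.100.7", nonce, good))           # unknown requester
    print(handle_auth_request("192.0.2.10", new_challenge(), good))   # replayed proof
```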
This archive was generated by hypermail 2.0b3 on Sat Jul 17 1999 - 07:11:47 CDT