A problem exists in the Firewall-1 3.0b Session Agent.

All communications from the Firewall-1 Module to the Session Agent are non-encrypted. This allows these communications to be snooped for usernames and passwords. Along the same line, this allows any user to sniff the Firewall Module to Session Agent communications and replicate the data that is sent to the Session Agent's listening port, thus prompting the user for usernames and passwords. Also, these communications can be easily replicated in a perl5 script that I have seen that actually connects to the Session Agent, prompts the user to add the firewall, and then asks the user for a username and password.

Solution: None at this time. Checkpoint will need to issue a patch.

Another "Security Risk" with the Session Agent is that when a connection is made to the Session Agent, the Session Agent prompts the user to add the new Firewall Module to the Allowed list. The prompt does not display the requesting Firewall's location or IP address and does not issue any warnings to the client to verify the requesting Firewall's identity.

Solution: None at this time.
Checkpoint will need to issue a patch.

---------------------------------------------------------
Larry Pingree, Senior Security Consultant
Secure-IT, Inc
E-mail: larryp@secure-it.net
Phone: 619-272-0284
http://www.secure-it.net/
publishers of SecureVIEW Firewall-1 Reporting Software
---------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:17:38 PDT