Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0428

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-0428
Last Modified 05 Sep 2008 04:28:00
Published 12 Aug 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-0428

Summary

Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file.

Vulnerable Systems

Application

  • Checkpoint Check Point Vpn 1 4.1

  • Checkpoint Check Point Vpn 1 4.1 Sp1

  • Checkpoint Check Point Vpn 1 4.1 Sp2

  • Checkpoint Check Point Vpn 1 4.1 Sp3

  • Checkpoint Check Point Vpn 1 4.1 Sp4

  • Checkpoint Firewall-1 4.0

  • Checkpoint Firewall-1 4.1

  • Checkpoint Next Generation


References

BID - 4253

XF - fw1-authentication-bypass-timeouts(8423)

BUGTRAQ - 20020308 Checkpoint FW1 SecuRemote/SecureClient "re-authentication" (client side hacks of users.C)


Last Updated: 27 May 2016 10:36:54