Bugtraq mailing list archives
Re: Firewall-1 3.0b Session Agent
From: brooke () BPAUL COM (Brooke Paul)
Date: Fri, 25 Sep 1998 12:40:33 -0700
-----Original Message----- From: Larry Pingree [SMTP:larryp () secure-it net] A problem exists in the Firewall-1 3.0b Session Agent All communications from the Firewall-1 Module to the session agent are non-encrypted. Thus also allowing these communication to be snooped for usernames and passwords.
I think it's worth noting that Checkpoint states that the included Session Agent is a 'demo' and not officially supported. The real problem is the protocol they have defined. Even if you attempt to write a secure version it wouldn't interoperate with the firewall. Brooke
Current thread:
- Firewall-1 3.0b Session Agent Larry Pingree (Sep 24)
- <Possible follow-ups>
- Re: Firewall-1 3.0b Session Agent Brooke Paul (Sep 25)
- Re: Firewall-1 3.0b Session Agent Andrew Danforth (Sep 25)