Bugtraq mailing list archives

RE: Check Point VPN-1 SecuRemote Flaw

From: "Gordon, Paul" <Paul.Gordon () getronics com>
Date: Wed, 24 Oct 2001 11:26:25 +0900

This has been a long-standing problem with SecuRemote. However, Checkpoint
claims to have fixed the problem in VPN-1 Next Generation. Now a generic
error message is received regardless of whether the username or password is
incorrect (although I've not personally verified this).

---------------------------------------------------------
Paul Gordon              Getronics Solutions (S) PTE LTD
Security Consultant      1 International Business Park
                         The Synergy
Ph:  +65 890 2828        #02-14/15
Fax: +65 890 2888        Singapore 609917

Email: paul.gordon () getronics com
---------------------------------------------------------

-----Original Message-----
From: Kratter, Dave [mailto:dave () mimeo com]
Sent: Wednesday, 24 October 2001 5:07
To: 'bugtraq () securityfocus com'
Subject: Check Point VPN-1 SecuRemote Flaw


Summary:
        SecuRemote will show whether a username is recognized during failed
login attempts

Versions Tested:
        4.1 SP4 (4185) VPN+Strong for Windows 2000
        4.1 SP4 (4185) VPN+Strong for Windows NT

<snip>

Current thread:

Check Point VPN-1 SecuRemote Flaw Kratter, Dave (Oct 23)
- <Possible follow-ups>
- RE: Check Point VPN-1 SecuRemote Flaw Gordon, Paul (Oct 23)
- RE: Check Point VPN-1 SecuRemote Flaw Andy Fiddaman (Oct 24)