Fwd: Firewall-1 3.0b Session Agent

[Aaron Goldblatt <aglists () goldblatt net>]

This appeared on BugTraq today and I'm curious to note its validity.  I've
stripped the attached file.

Thanks.

Aaron Goldblatt
IBM CSE - eNetwork Firewall for AIX and NT
Trantor Technologies
817-314-0076

> From:  Larry Pingree <larryp () SECURE-IT NET>
> Subject:      Firewall-1 3.0b Session Agent
> To:    BUGTRAQ () NETSPACE ORG
>
> A problem exists in the Firewall-1 3.0b Session Agent
>
> All communications from the Firewall-1 Module to the session agent are
> non-encrypted. Thus also allowing these communication to be snooped for
> usernames and passwords.
>
> Along the same line, this allows any user to sniff the Firewall Module to
> Session Agent communications and replicate the data that is sent to the
> Session Agents listening port, thus prompting the user for usernames and
> passwords. Also, these communications can be easily replicated in a perl5
> script that I have seen that actually connects to the Session agent and
> prompts the user to add the firewall and then will ask the user for a
> username and password.
>
> Solution: None at this time. Checkpoint will need to issue a patch.
>
>
> Another "Security Risk" with the Session agent is that when a connection is
> made to the Session agent, the Session agent prompts the user to add the new
> Firewall Module to the Allowed list. The prompt does not display the
> requesting Firewall's location or IP address and does not issue any warnings
> to the client to verify the requesting Firewall's identity.
>
> Solution: None at this time. Checkpoint will need to issue a patch
>
> ---------------------------------------------------------
> Larry Pingree, Senior Security Consultant
> Secure-IT, Inc
> E-mail: larryp () secure-it net
> Phone:  619-272-0284
> http://www.secure-it.net/
>
>           publishers of
>           SecureVIEW
> Firewall-1 Reporting Software
> --------------------------------------------------------------------------