Bugtraq mailing list archives

Re: Firewall-1 3.0b Session Agent

From: brooke () BPAUL COM (Brooke Paul)
Date: Fri, 25 Sep 1998 12:40:33 -0700

-----Original Message-----
From: Larry Pingree [SMTP:larryp () secure-it net]

A problem exists in the Firewall-1 3.0b Session Agent

All communications from the Firewall-1 Module to the session agent are
non-encrypted. Thus also allowing these communication to be snooped for
usernames and passwords.


  I think it's worth noting that Checkpoint states that the included
Session Agent is a 'demo' and not officially supported.  The real problem
is the protocol they have defined.  Even if you attempt to write a secure
version it wouldn't interoperate with the firewall.

        Brooke

Current thread:

Firewall-1 3.0b Session Agent Larry Pingree (Sep 24)
- <Possible follow-ups>
- Re: Firewall-1 3.0b Session Agent Brooke Paul (Sep 25)
  - Re: Firewall-1 3.0b Session Agent Andrew Danforth (Sep 25)