Support Center > Search Results > SecureKnowledge Details
Authenticating to SMB appliances using only the first 8 characters of the Administrator password is allowed Technical Level
  • Administrators who set their password while firmware R77.20.85, R77.20.86 or R77.20.87 (< Build 990172921) were installed, may authenticate to the SMB appliance using only the first 8 characters.

    For example, if the configured password is above 8 characters, then it is possible to access the appliance with the configured password as expected, but also with only the first 8 characters.


Administrator passwords which were created or changed while using R77.20.85 and later versions (mentioned earlier) are enforced with a weaker password hash algorithm than previous versions.

To upgrade password hash complexity, refer to the solution of this sk.


This problem was fixed. The fix is included in:

Check Point recommends to always upgrade to the most recent version (Check Point 700 appliance / Check Point 910 appliance / Check Point 1400 appliance).


Once upgrading, the configured passwords still remain with the weaker hash algorithm.

Therefore, it is required to change all the Administrators's passwords or re-create the Administrator users.

The following script can be executed in Expert mode in order to detect Administrator users with the weaker password hash:

while read p; do
user="$(echo $p | cut -d ":" -f 1)"
user_hash="$(echo $p | cut -d ":" -f 2)"
if [[ $user_hash == *"*"* || $user_hash == *"!"* || $user_hash == *"$"* ]]; then
echo $user
done < /etc/shadow


How to use the script:

  1. Copy the script to a notepad file and name it as you like, in our example it would be "admin_check".
  2. Change the extension of the notepad file to .sh
  3. Copy the file to /storage directory.
  4. Go to /storage directory, by executing the command "cd /storage" in Expert mode.
  5. Give the script execute privileges, by executing the command "chmod 700" in Expert mode.
  6. Convert the file to UNIX format, by executing the command "dos2unix" in Expert mode.
  7. Run the script, by executing the command ""
  8. The affected users will be printed to the screen.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document