Check Point response to security advisory about password hashes in UTM-1 Edge/Edge N appliance
Symptoms
  • On November 29, 2009, Hurricane Labs published an advisory about predictability of user password hashes on Check Point UTM-1 Edge.
  • We rate the severity of this vulnerability as low. Customers are not at risk.
Solution

When an administrator exports the internal user list on UTM-1 Edge, the obscured passwords of those users appear in the export.
Only administrators with Read/Write permissions are allowed to export the UTM-1 Edge configuration, so these administrators can obtain the obscured passwords of other administrators.
Administrators should keep the exported information protected.

This issue is mitigated by the following factors:

  • In most cases, only one Read/Write administrator is defined on the UTM-1 Edge appliance, so the export discloses nothing that this administrator does not already know.
  • In a managed UTM-1 Edge appliance, the local administrator is usually not used; the features are instead managed remotely from the SmartCenter.
  • If several Read/Write administrators are needed, they can be authenticated through RADIUS instead of being defined on the UTM-1 Edge itself.
  • The gateway can also be added to a community with user authentication; in this case, too, the users are defined on the SmartCenter rather than on the UTM-1 Edge.
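The following Python example is added here to illustrate the class of weakness the advisory describes and the operational control it recommends; it is not Check Point's code, and the "obscuring" scheme in it is a constructed toy (keyed XOR plus base64), not the scheme used on UTM-1 Edge. The user records are constructed sample data. It shows why an export carrying reversibly obscured, unsalted password values is a disclosure (equal passwords produce equal values, and the holder of the export can compare or invert them), contrasts this with an export that carries only salted, iterated hashes, and provides a redaction step to apply to an export before it is stored or shared:

```python
"""Added illustration: obscured vs. salted-hash password fields in a user export.
The toy_obscure scheme is constructed for this example and is NOT the UTM-1 Edge scheme.
SAMPLE_USERS is constructed sample data."""
import base64
import hashlib
import hmac
import os
from typing import Callable, Dict, List, Optional

# Constructed sample: two administrators who happen to share a password.
SAMPLE_USERS: List[Dict[str, str]] = [
    {"name": "admin1", "password": "Winter2009!"},
    {"name": "admin2", "password": "Winter2009!"},
    {"name": "helpdesk", "password": "Summer2009?"},
]

TOY_KEY = b"toykey"  # hypothetical fixed key for the toy scheme only


def toy_obscure(password: str) -> str:
    """Constructed reversible, unsalted obscuring: keyed XOR, then base64.
    Equal passwords give equal output, and anyone holding the export can
    undo it, so the value is as sensitive as the password itself."""
    raw = password.encode()
    xored = bytes(b ^ TOY_KEY[i % len(TOY_KEY)] for i, b in enumerate(raw))
    return base64.b64encode(xored).decode()


def salted_hash(password: str, salt: Optional[bytes] = None, iterations: int = 100_000) -> str:
    """PBKDF2-HMAC-SHA256 with a random 16-byte salt, stored as
    'pbkdf2$<iterations>$<salt-b64>$<digest-b64>'. Equal passwords give
    different values, and the export does not reveal the password."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return "pbkdf2${}${}${}".format(
        iterations, base64.b64encode(salt).decode(), base64.b64encode(digest).decode()
    )


def verify_salted(password: str, stored: str) -> bool:
    """Recompute the PBKDF2 digest from the stored salt and compare in constant time."""
    scheme, iters, salt_b64, digest_b64 = stored.split("$")
    if scheme != "pbkdf2":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), base64.b64decode(salt_b64), int(iters))
    return hmac.compare_digest(candidate, base64.b64decode(digest_b64))


def export_users(users: List[Dict[str, str]], protect: Callable[[str], str]) -> List[Dict[str, str]]:
    """Build the records an export would carry, applying `protect` to the password field."""
    return [{"name": u["name"], "password": protect(u["password"])} for u in users]


def duplicate_password_values(export: List[Dict[str, str]]) -> int:
    """Number of password-field values that repeat across records.
    With an unsalted scheme, shared passwords are visible without decoding anything."""
    counts: Dict[str, int] = {}
    for rec in export:
        counts[rec["password"]] = counts.get(rec["password"], 0) + 1
    return sum(1 for n in counts.values() if n > 1)


def redact_export(export: List[Dict[str, str]]) -> List[Dict[str, str]]:
    """Drop the credential field before an export is archived or shared,
    which is the 'keep the exported information protected' control."""
    return [{k: v for k, v in rec.items() if k != "password"} for rec in export]


if __name__ == "__main__":
    obscured = export_users(SAMPLE_USERS, toy_obscure)
    hashed = export_users(SAMPLE_USERS, salted_hash)
    print("repeated values in obscured export:", duplicate_password_values(obscured))
    print("repeated values in salted-hash export:", duplicate_password_values(hashed))
    print("redacted export:", redact_export(obscured))
```

The contrast is the point: in the obscured export the two administrators' shared password shows up as one repeated value, while in the salted-hash export every record differs and `verify_salted` is the only way to test a candidate. Whatever the appliance's scheme, the operational control on the page stands: treat the export as containing credentials and redact or protect it before it leaves the administrator's hands.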

Credits: Check Point thanks Bill Mathews of Hurricane Labs for responsible disclosure of this issue.
