Support Center > Search Results > SecureKnowledge Details
Check Point response to Media Encryption EPM Explorer lockout bypass (CVE-2013-5635 and CVE-2013-5636)
Symptoms
  • Media Encryption EPM Explorer is a standalone application that provides access to encrypted media on machines without the Media Encryption product.

  • It is possible to bypass the password failure limit of the Media Encryption EPM Explorer application to perform brute force attacks (CVE-2013-5635 and CVE-2013-5636).

  • All versions of Media Encryption EPM Explorer are affected.
Solution

Check Point offers an improved client for this issue.

  1. Download the package with improved clients:

    Version Link
    Endpoint Security E80.41 Media Encryption & Port Protection Hotfix (ZIP)
    Endpoint Security E80.50 Media Encryption & Port Protection Hotfix (ZIP)

    Note: All other blades are not changed.

  2. Unpack the ZIP package with improved clients.

  3. Upload the improved client(s) to the Endpoint Security Management Server:

    1. Connect with SmartEndpoint GUI to the Endpoint Security Management Server.

    2. Go to the 'Deployment' tab - expand the 'Advanced Package Settings' - go to the 'Packages Repository'.

    3. Click one of these buttons:

      • 'Upload new version MSI...' - to upload a single MSI file.

      • 'Upload new version folder...' - to upload a folder containing multiple MIS packages.


  4. Deploy the improved client(s):

    1. Go to the 'Deployment' tab - go to the 'Software Deployment Rules'.

    2. Either create a new rule, or change the existing rule - 'Client Version'.

    3. Save the changes.

    4. Click on 'Install'.

    5. Select the Rules to install and then click on 'Install'.

 

Credits

Check Point is grateful to Pedro Andujar of http://www.digitalsec.net for responsible disclosure of this issue.

Applies To:
  • 01214993 , 01215008 , 01265865 , 01265884 , 01322306 , 01341507 , 01345297

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment