Check Point response to Session Authentication Agent vulnerability

Solution ID: sk98263
Severity: Medium
Product: Security Gateway
Version: All
Platform / Model: All
Date Created: 22-Jan-2014
Last Modified: 09-Feb-2014
Symptoms
  • Check Point Session Authentication Agent is vulnerable to disclosure of user credentials.

  • The attack is possible from within the internal network.

  • All versions are vulnerable.
Solution

For the attack to succeed, the attacker's machine must be able to connect to the end-user (client) machine on which Check Point Session Authentication Agent is running.

Proper configuration requires the user to define, on the client computer, the IP address of the Security Gateway; that address is the one allowed to issue authentication requests to the Session Authentication Agent running on the client machine.

Spoofing the Gateway IP address alone is not enough: the attacker must also complete a TCP three-way handshake with the client machine, which reduces the likelihood of a successful attack. Completing the handshake from a spoofed source address requires the attacker to see or predict the client's SYN-ACK, which in practice means being on the same network segment or otherwise on-path (for example, via ARP spoofing). An attacker whose own address has been configured on the client as the Gateway address does not need to spoof at all.
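The two attack preconditions above (a completed TCP connection to the agent, from an address that is either not the Gateway or is a spoofed copy of the Gateway) can be turned into a detection over connection logs. The following is an added example written for this page, not Check Point code; it assumes the agent listens on TCP port 261 (the FW1_snauth service), that connection records are available in a simple constructed key=value format from a hypothetical flow or firewall exporter, and that the records carry the source MAC address seen on the clients' segment.

```python
"""
Detect connections to the Session Authentication Agent port that either come
from a non-Gateway address or carry the Gateway IP with an unexpected source
MAC (spoofing on the local segment).

Added example, not Check Point code. Assumptions not stated in sk98263:
- the agent listens on TCP/261 (FW1_snauth); adjust SNAUTH_PORT if needed
- the input is a constructed 'key=value' record format from a hypothetical
  exporter; real flow logs will need their own parser
"""
import ipaddress
from dataclasses import dataclass

SNAUTH_PORT = 261  # assumed Session Authentication Agent port (FW1_snauth)


@dataclass(frozen=True)
class Finding:
    line_no: int
    src: str
    dst: str
    reason: str


def parse_kv(line: str) -> dict:
    """Parse 'k=v k=v ...' into a dict, ignoring tokens without '='."""
    out = {}
    for tok in line.split():
        if "=" in tok:
            k, v = tok.split("=", 1)
            out[k] = v
    return out


def detect_rogue_snauth(lines, gateway_ip, gateway_mac=None):
    """
    Flag established TCP connections to SNAUTH_PORT where:
      1. the source IP is not the Gateway (attacker connecting directly), or
      2. the source IP is the Gateway but the source MAC differs from the MAC
         the Gateway (or the router in front of it) presents on the clients'
         segment, i.e. a spoofed Gateway address from a local host.
    Only 'established' records count: a lone SYN never reaches the agent's
    authentication exchange, because the agent requires a full handshake.
    """
    gw = ipaddress.ip_address(gateway_ip)
    want_mac = gateway_mac.lower() if gateway_mac else None
    findings = []
    for n, line in enumerate(lines, 1):
        rec = parse_kv(line)
        try:
            if rec["proto"].lower() != "tcp" or int(rec["dport"]) != SNAUTH_PORT:
                continue
            src = ipaddress.ip_address(rec["src"])
            dst = rec["dst"]
        except (KeyError, ValueError):
            continue  # malformed or incomplete record; not a 261 connection
        if rec.get("state") != "established":
            continue
        if src != gw:
            findings.append(Finding(n, str(src), dst, "non-gateway source"))
        elif want_mac and rec.get("smac", "").lower() != want_mac:
            findings.append(Finding(n, str(src), dst,
                                    "gateway IP with unexpected source MAC"))
    return findings


# Constructed sample records (not real logs). Gateway is 10.0.0.1 with MAC
# 00:1c:7f:aa:bb:cc as seen from the client segment; 10.0.5.77 is a rogue host.
SAMPLE_LOG = [
    "ts=2014-01-22T10:00:01 proto=tcp src=10.0.0.1 smac=00:1c:7f:aa:bb:cc dst=10.0.5.20 dport=261 state=established",
    "ts=2014-01-22T10:02:13 proto=tcp src=10.0.5.77 smac=08:00:27:12:34:56 dst=10.0.5.20 dport=261 state=established",
    "ts=2014-01-22T10:02:40 proto=tcp src=10.0.0.1 smac=08:00:27:12:34:56 dst=10.0.5.21 dport=261 state=established",
    "ts=2014-01-22T10:03:05 proto=tcp src=10.0.5.77 smac=08:00:27:12:34:56 dst=10.0.5.22 dport=261 state=syn",
    "ts=2014-01-22T10:03:09 proto=tcp src=10.0.5.77 smac=08:00:27:12:34:56 dst=10.0.5.20 dport=443 state=established",
]


def run_sample():
    """Run the detection over the constructed sample with the MAC check enabled."""
    return detect_rogue_snauth(SAMPLE_LOG, "10.0.0.1", "00:1c:7f:aa:bb:cc")


if __name__ == "__main__":
    for f in run_sample():
        print(f"line {f.line_no}: {f.src} -> {f.dst}:{SNAUTH_PORT} ({f.reason})")
```

The MAC check is only meaningful for records captured on the clients' own segment (a switch span port or the clients' host firewall logs); if the Gateway sits behind a router, pass the router's MAC as `gateway_mac`, and an attacker beyond that router who spoofs the Gateway address will not be distinguished by this rule. The SYN-only record is deliberately left alone: it is a port scan, not a connection the agent would answer.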

The Session Authentication Agent feature will reach end-of-life in the next major release in 2014.

Customers are advised to use the Identity Awareness Software Blade instead.

Credits:
Check Point is grateful to Jakub Jozwiak for responsible disclosure of this issue.