For the attack to be successful, the attacker's machine must be allowed to connect to the end user (client) machine, on which Check Point Session Authentication Agent is running.
Proper configuration requires the user to define on his computer the IP address of the Security Gateway, which is allowed to issue authentication requests to Session Authentication Agent running on the client machine.
Spoofing the Gateway IP address is not enough in this case, the attacker must complete a TCP handshake with the client's machine (3-way handshake) - this reduces the possibility of the attack.
Session Authentication Agent feature will be end-of-life in the next major release of Q4/2015-Q1/2016 (R80).
Customers are advised to use Identity Awareness Software Blade instead.
Check Point is grateful to Jakub Jozwiak for responsible disclosure of this issue.