Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Security App Flaws :: win5176.htm

Checkpoint FW1 SecuRemote/SecureClient "re-authentication" bypass
9th Mar 2002 [SBWID-5176]

	Checkpoint FW1 SecuRemote/SecureClient \"re-authentication\" bypass


	Checkpoint FW1 4.0, 4.1 at any SP level,  and  NG  FP1  when  used  with


	Cedric Amand [] [] says :

	When using Checkpoint FW1 together  with  Remote  Users  connected  thru
	SecuRemote   and   SecureClient   firewall   administrators   have   the
	possibility to make these remote users re-authenticate after X minutes.

	This can be found in FW1\'s GUI inside :

	           Global Properties -> Desktop Security -> Validation timeout


	However, this  setting  can  be  trivially  bypassed  by  modifiyng  the
	*client side*,  inside  Securemote\'s  \"users.C\"  configuration  file.
	Values to modify are \"to_expire (true)\" and/or \"expire (60)\"

	Replacing \"true\" by \"false\" will  make  your  connection  permanent,
	Changing the expire timeout (in minutes) to your liking can be  used  as


	Patch should be comming anytime soon

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2019 AOH