Published: 11/12/2000 Updated: 05/09/2008

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 760

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Check Point Firewall-1 session agent 3.0 up to and including 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote malicious users to determine valid usernames and guess a password via a brute force attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
checkpoint firewall-1 3.0
checkpoint firewall-1 4.0
checkpoint firewall-1 4.1

source: wwwsecurityfocuscom/bid/1662/info A vulnerability exists in all versions of the Check Point Session Agent, part of Firewall-1 Session Agent works in such a way that the firewall will establish a connection back to the client machine Upon doing so, it will prompt for a username, and if the username exists, a password Upon failu ...

source: wwwsecurityfocuscom/bid/1662/info A vulnerability exists in all versions of the Check Point Session Agent, part of Firewall-1 Session Agent works in such a way that the firewall will establish a connection back to the client machine Upon doing so, it will prompt for a username, and if the username exists, a password Upon failur ...

NVD-CWE-Other http://www.securityfocus.com/bid/1662 http://www.securityfocus.com/archive/1/76389 https://nvd.nist.gov https://www.exploit-db.com/exploits/20216/

CVE-2000-1037

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect