Details of VAR-200208-0021

ID

VAR-200208-0021

CVE

CVE-2002-0428

TITLE

Check Point FW-1 SecuClient/SecuRemote Client Design Vulnerability

Trust: 0.9

sources: BID: 4253 // CNNVD: CNNVD-200208-186

DESCRIPTION

Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file. Check Point Firewall-1 is a popular firewall package available from Checkpoint Software Technologies. SecuClient/SecuRemote are VPN-1 implementations for Check Point Firewall-1 products. It is possible to configure a timeout value for cached user credentials. This value is stored on client systems and can be modified by users of client systems. If security policy includes a time limit on cached credentials, malicious authenticated users may bypass the policy by modifying the value. Depending on the operating system of the client host, local administrative privileges on the client host may be required to modify the configuration file. In addition to the timeout values, other sensitive information is reportedly stored on client systems. Further details are not known at this time. SecuClient/SecuRemote is the VPN-1 implementation in the Firewall-1 product. SecuClient/SecuRemote is flawed in design, allowing client-local attackers to bypass certain server-side settings. SecuClient/SecuRemote allows the server to set the time limit for caching authentication information, and if the time limit is exceeded, it will be forced to log in again

Trust: 1.26

sources: NVD: CVE-2002-0428 // BID: 4253 // VULHUB: VHN-4821

AFFECTED PRODUCTS

vendor:	checkpoint	model:	firewall-1	scope:	eq	version:	4.0	Trust: 1.6
vendor:	checkpoint	model:	firewall-1	scope:	eq	version:	4.1	Trust: 1.6
vendor:	checkpoint	model:	check point vpn	scope:	eq	version:	1_4.1	Trust: 1.0
vendor:	checkpoint	model:	check point vpn	scope:	eq	version:	1_4.1_sp1	Trust: 1.0
vendor:	checkpoint	model:	next generation	scope:	eq	version:	*	Trust: 1.0
vendor:	checkpoint	model:	check point vpn	scope:	eq	version:	1_4.1_sp2	Trust: 1.0
vendor:	checkpoint	model:	check point vpn	scope:	eq	version:	1_4.1_sp4	Trust: 1.0
vendor:	checkpoint	model:	check point vpn	scope:	eq	version:	1_4.1_sp3	Trust: 1.0
vendor:	checkpoint	model:	next generation	scope:	-	version:	-	Trust: 0.6
vendor:	check	model:	point software vpn-1 sp4	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp3	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp2	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1 sp1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software vpn-1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software nokia voyager	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp5	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp4	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp3	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp2	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1	scope:	eq	version:	4.1	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp8	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp7	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp6	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp5	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp4	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp3	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp2	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1 sp1	scope:	eq	version:	4.0	Trust: 0.3
vendor:	check	model:	point software firewall-1	scope:	eq	version:	4.0	Trust: 0.3

sources: BID: 4253 // CNNVD: CNNVD-200208-186 // NVD: CVE-2002-0428

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2002-0428
value:	HIGH
Trust: 1.0
CNNVD:	CNNVD-200208-186
value:	HIGH
Trust: 0.6
VULHUB:	VHN-4821
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2002-0428
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-4821
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-4821 // CNNVD: CNNVD-200208-186 // NVD: CVE-2002-0428

PROBLEMTYPE DATA

problemtype:

NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-2002-0428

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200208-186

TYPE

Design Error

Trust: 0.9

sources: BID: 4253 // CNNVD: CNNVD-200208-186

EXTERNAL IDS

db:	NVD	id:	CVE-2002-0428	Trust: 2.0
db:	BID	id:	4253	Trust: 2.0
db:	CNNVD	id:	CNNVD-200208-186	Trust: 0.7
db:	BUGTRAQ	id:	20020308 CHECKPOINT FW1 SECUREMOTE/SECURECLIENT "RE-AUTHENTICATION" (CLIENT SIDE HACKS OF USERS.C)	Trust: 0.6
db:	XF	id:	1	Trust: 0.6
db:	VULHUB	id:	VHN-4821	Trust: 0.1

sources: VULHUB: VHN-4821 // BID: 4253 // CNNVD: CNNVD-200208-186 // NVD: CVE-2002-0428

REFERENCES

url:	http://www.securityfocus.com/bid/4253	Trust: 2.7
url:	http://online.securityfocus.com/archive/1/260662	Trust: 2.7
url:	http://www.iss.net/security_center/static/8423.php	Trust: 2.7

sources: VULHUB: VHN-4821 // CNNVD: CNNVD-200208-186 // NVD: CVE-2002-0428

CREDITS

Cedric Amand※ mailing-lists@cedric.net

Trust: 0.6

sources: CNNVD: CNNVD-200208-186

SOURCES

db:	VULHUB	id:	VHN-4821
db:	BID	id:	4253
db:	CNNVD	id:	CNNVD-200208-186
db:	NVD	id:	CVE-2002-0428

LAST UPDATE DATE

2024-11-22T21:18:21.834000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-4821	date:	2008-09-05T00:00:00
db:	BID	id:	4253	date:	2009-07-11T10:56:00
db:	CNNVD	id:	CNNVD-200208-186	date:	2006-09-05T00:00:00
db:	NVD	id:	CVE-2002-0428	date:	2024-11-20T23:39:04.187

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-4821	date:	2002-08-12T00:00:00
db:	BID	id:	4253	date:	2002-03-08T00:00:00
db:	CNNVD	id:	CNNVD-200208-186	date:	2002-03-08T00:00:00
db:	NVD	id:	CVE-2002-0428	date:	2002-08-12T04:00:00