Bugtraq mailing list archives
FW1 Session Auth exploit
From: gregory duchemin <c3rb3r () HOTMAIL COM>
Date: Fri, 6 Oct 2000 05:05:47 GMT
Hi,

fwsa.sh is a bash tool I wrote to implement all the security holes in FW1 session auth recently posted on the mailing list. It can be used to perform a DoS on every machine inside a corporate network, eventually to crash them, but its first goal remains to recover the user password by guessing it or asking for it. The last method is far more efficient (and not logged).

Actually, all NT and Windows 9.x boxes are vulnerable, and for all versions of FW1 (4.1 SP2 included), because the flaw doesn't actually reside in the code itself but comes from a misconfiguration of both FW or agent. (Not true for FW 4.0, which has no feature for session encryption.)

Solutions are to not allow plain text passwords in agent properties while using encryption in FW session authentication rules (FW 4.1). Another, expensive solution exists in "one time passwords", but whatever you choose, use encryption.

Gregory Duchemin
Attachment:
fwsa.sh