Bugtraq mailing list archives
RE: Check Point VPN-1 SecuRemote Flaw
From: "Gordon, Paul" <Paul.Gordon () getronics com>
Date: Wed, 24 Oct 2001 11:26:25 +0900
This has been a long-standing problem with SecuRemote. However, Checkpoint claims to have fixed the problem in VPN-1 Next Generation. Now a generic error message is received regardless of whether the username or password is incorrect (although I've not personally verified this). --------------------------------------------------------- Paul Gordon Getronics Solutions (S) PTE LTD Security Consultant 1 International Business Park The Synergy Ph: +65 890 2828 #02-14/15 Fax: +65 890 2888 Singapore 609917 Email: paul.gordon () getronics com --------------------------------------------------------- -----Original Message----- From: Kratter, Dave [mailto:dave () mimeo com] Sent: Wednesday, 24 October 2001 5:07 To: 'bugtraq () securityfocus com' Subject: Check Point VPN-1 SecuRemote Flaw Summary: SecuRemote will show whether a username is recognized during failed login attempts Versions Tested: 4.1 SP4 (4185) VPN+Strong for Windows 2000 4.1 SP4 (4185) VPN+Strong for Windows NT <snip>
Current thread:
- Check Point VPN-1 SecuRemote Flaw Kratter, Dave (Oct 23)
- <Possible follow-ups>
- RE: Check Point VPN-1 SecuRemote Flaw Gordon, Paul (Oct 23)
- RE: Check Point VPN-1 SecuRemote Flaw Andy Fiddaman (Oct 24)