FireWall-1 allows remote "get topology" requests without authentication
| fw1-gettopo-noauth (5172) |  Low Risk |
Description:
The Check Point FireWall-1/VPN-1 SecuRemote client does not encrypt or authenticate connections to the SecuRemote Server, which could expose possibly sensitive network topology information to remote attackers. The client and server of SecuRemote support string authentication and encryption of this data, but by default permit weaker, less secure connections for backward compatibility. An attacker could take advantage of these weaker connections to obtain sensitive network topology information.
Consequences:
Obtain Information
Remedy:
Disable the FireWall-1 option "Respond to Unauthenticated Cleartext Topology Requests".
To disable this option from the FireWall-1 Policy Editor:
- Open the FireWall-1 Policy Editor.
- Select Policy —> Properties.
- Click the Desktop Security tab.
- Clear the "Respond to Unauthenticated Cleartext Topology Requests" check box.
References:
Platforms Affected:
- CheckPoint FireWall-1
- Microsoft Windows 2003 Server
Reported:
Not available
The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (IBM Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.
For corrections or additions please email xforce@iss.net