Authentication Bypass Vulnerability in Check Point FireWall-1 by Check Point
CVE-2002-0428

Currently unrated

Key Information:

Vendor: Checkpoint
Status: Check Point Vpn; Firewall-1; Next Generation
Vendor: CVE Published:; 12 August 2002

What is CVE-2002-0428?

The vulnerability allows clients using Check Point FireWall-1 SecuRemote and SecuClient 4.0 and 4.1 to bypass the authentication timeout mechanism. By manipulating the 'to_expire' or 'expire' values in the user's configuration file, attackers can extend their session without re-authentication, potentially exposing the system to unauthorized access.

References

http://www.iss.net/security_center/static/8423.php

vdb-entryx_refsource_XF

http://online.securityfocus.com/archive/1/260662

mailing-listx_refsource_BUGTRAQ

http://www.securityfocus.com/bid/4253

vdb-entryx_refsource_BID

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 12, 2002
Vulnerability Reserved
Jun 7, 2002

Checkpoint

What is CVE-2002-0428?

References

Timeline