Weak X.509 Certificate Validation in Check Point Endpoint Security Product
CVE-2013-7304

Currently unrated

Key Information:

Vendor
Check Point
CVE Published:
22 January 2014

Summary

The Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 lacks proper X.509 certificate validation for client devices. An attacker in a man-in-the-middle position can therefore impersonate SSL servers by presenting an arbitrary certificate during a session established by a client. As a result, sensitive data sent over that session can be exposed, so organizations using this product should treat remediation as urgent.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.