Weak X.509 Certificate Validation in Check Point Endpoint Security Product
CVE-2013-7304
Currently unrated
Key Information:
- Vendor: Checkpoint
- CVE Published: 22 January 2014
Summary
The Check Point Endpoint Security MI Server through R73 3.0.0 HFA2.5 lacks proper X.509 certificate validation for client devices. This deficiency lets a man-in-the-middle attacker impersonate an SSL server by presenting an arbitrary certificate during a session established by a client. As a result, sensitive data in transit can be exposed, so organizations using this product should implement remediation measures immediately.