This has been a long-standing problem with SecuRemote. However, Checkpoint
claims to have fixed the problem in VPN-1 Next Generation. Now a generic
error message is received regardless of whether the username or password is
incorrect (although I've not personally verified this).
---------------------------------------------------------
Paul Gordon Getronics Solutions (S) PTE LTD
Security Consultant 1 International Business Park
The Synergy
Ph: +65 890 2828 #02-14/15
Fax: +65 890 2888 Singapore 609917
Email: paul.gordon@getronics.com
---------------------------------------------------------
-----Original Message-----
From: Kratter, Dave [mailto:dave@mimeo.com]
Sent: Wednesday, 24 October 2001 5:07
To: 'bugtraq@securityfocus.com'
Subject: Check Point VPN-1 SecuRemote Flaw
Summary:
SecuRemote will show whether a username is recognized during failed
login attempts
Versions Tested:
4.1 SP4 (4185) VPN+Strong for Windows 2000
4.1 SP4 (4185) VPN+Strong for Windows NT
<snip>
