[FW1] FW1 Session Auth exploit (fwd)

[BAILLEUX Christophe <cb@FW1-NOSPAMgrolier.fr>]

Have you any informations on this problem  ?

Bye.

--   
BAILLEUX Christophe - Responsable Securite                           
Grolier Interactive Europe OG / Club-Internet                   
Centre Serveur - Tel : 01.55.45.47.89
E-mail : cb@grolier.fr


---------- Forwarded message ----------
Date: Fri, 6 Oct 2000 05:05:47 GMT
From: gregory duchemin <c3rb3r@HOTMAIL.COM>
To: BUGTRAQ@SECURITYFOCUS.COM
Subject: FW1 Session Auth exploit

hi,

fwsa.sh is a bash tool i wrote to implement all the security holes on FW1
session auth recently posted on the mailing list.
It can be used to make a DOS on every machine inside a corporate network,
eventually to crash them but its first goal remain to recover user password
by guessing it or asking for it.
the last method is far more efficient (and not logged).
actually all NT and windows 9.x boxes are vulnerables and for all version of
FW1 ( 4.1 sp2 included ) because the flaw doesn't actually reside into the
code on itself but come from a misconfiguration of both FW or agent.
( Not true for fw 4.0 that has no feature for session encryption )
Solutions are to not allow plain text password in agents properties while
using encryption in FW session authentication rules ( fw 4.1 )
Another expensive solution exists in the "one time passwords" but whatever u
choose, use encryption.

Gregory Duchemin


_________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.

Share information about yourself, create your own public profile at
http://profiles.msn.com.

Attachment: fwsa.sh
Description: Bourne shell script