[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Is GUI <=> Mgmt. server session encrytped?
Username is transmitted in the clear
Password is "encrypted" -- the encrypted password is 16 hex characters long. I'm not a crypto person, is there a way to attack the algorithm if you have the clear-text and the cipher-text? I have been looking at the various FW-1 connections recently. Alot of information goes in the clear. In addition to the username, the permissions that user has, what appllication (policy editor, system status, or log viewer) they are using, whether they are using a motif client, what the key-method used is, etc. I got bored and hacked together some code that sit and watches the wire and logs information about the various FW-1 control connections it sees. I guess the danger is that someone can identify the GUI-clients, identify which users have read-write access...
-iden_fw >From: "Allan Pratt"Get your FREE download of MSN Explorer at http://explorer.msn.com ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|