[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Checkpoint FW1 SecuRemote/SecureClient "re-authentication" (client side hacks of users.C)
> When using Checkpoint FW1 together with Remote Users connected thru > SecuRemote and SecureClient > ( http://www.checkpoint.com/techsupport/downloads_sr.html ), > firewall administrators have the possibility to make these remote > users re-authenticate after X minutes. Cedric, Caching of static passwords is not a new vulnerability. The problem exists with User Authentication in that, even if the FW administrator requires re-authentication every so many minutes, the browser will simply cache the password and re-supply it when asked. Although it is silly to allow SR to cache these passwords, and even sillier to allow users to modify userc.C, one should not use static passwords in the first place. OTP prevent exactly this sort of problem. -don ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|