Check Point Session Authentication agent version 4.1 and higher contains a flaw caused by the lack of peer authentication in its SSL communication. Encrypted communication between the agent and the security gateway was introduced because of several issues revealed in previous versions (4.0 and lower) of the product. Research showed that the previously known vulnerabilities - gateway impersonation and credential stealing - can still be exploited even though communication between the agent and the security gateway uses SSL. Proof of concept code included.
72c58abdedbdd388c629229b4209b2ae54e94e204621503ea71431c315e26d46
When specially crafted CCP packets are sent to all Check Point ClusterXL cluster members, each member can be confused about the state of its peer(s), leaving every member in a Ready/Standby state. This leads to a denial of service in which none of the cluster members forwards network traffic. Proof of concept code included.
9014e321a36912bf234746de8d04b90a702dba881ff69b247f73d9d7f73c13aa