Checkpoint Firewall-1 Valid Username Vulnerability

Solution:
Administrators can create a generic* account in the user database of FW-1 that will remedy this problem. This account will trigger on all usernames that have not been explicitly been defined in the user database and prevent an attacker from profiling the database.

This solution is not a vendor fix and was supplied by a bugtraq subscriber. Please see the reference section for the orignal message.



 

Privacy Statement
Copyright 2010, SecurityFocus