WatchGuard FireboxII Password Retrieval Vulnerability

FireboxII is a firewall package available from WatchGuard Technologies. FireboxII systems are developed in various sizes and strengths, and are available in different models to fit enterprise needs.

A problem with the firmware may allow remote users with read-only access to gain elevated privileges. The problem occurs in the handling of passwords by the FireboxII system.

It is possible for a user with read-only access to the firewall to initiate an SSL connection through the proprietary libraries included with the administration tools. Upon connecting and executing the MPF command, a user can retrieve the binary file /var/lib/mpf/keys.gz from flash memory, which contains the hashed read-only and read-write passwords. A remote user can then initiate connections through the library, using the hashed read-write password to modify the configuration.

This problem makes it possible for a user with malicious motives to gain control of the firewall and allow access to resources that may be restricted, or potentially deny service to the network.
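A simplified model of why the retrieved hashes are equivalent to the passwords themselves, and of two mitigations, as an added example that is not WatchGuard's code or protocol. The function names, the SHA-1 and PBKDF2 choices, and the sample passwords are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed sample credentials; not taken from any real device.
PASSWORDS = {"read-only": "status-view-pass", "read-write": "config-admin-pass"}

def weak_store(passwords):
    # Weak design (assumed): the stored value is exactly what a client presents at login.
    return {role: hashlib.sha1(pw.encode()).hexdigest() for role, pw in passwords.items()}

def weak_login(store, role, presented_hash):
    # The device only compares hashes, so knowing the stored hash is enough.
    return hmac.compare_digest(store[role], presented_hash)

def hardened_store(passwords):
    # Store a salted, slow verifier that is derived from the secret, never presented as it.
    store = {}
    for role, pw in passwords.items():
        salt = os.urandom(16)
        store[role] = (salt, hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, 100_000))
    return store

def hardened_login(store, role, presented_secret):
    # The device re-derives the verifier from whatever the client sends.
    salt, verifier = store[role]
    candidate = hashlib.pbkdf2_hmac("sha256", presented_secret.encode(), salt, 100_000)
    return hmac.compare_digest(verifier, candidate)

def read_key_file(store, caller_role):
    # Second mitigation: the credential file is not served to read-only sessions.
    if caller_role != "read-write":
        raise PermissionError("credential store not readable at this privilege level")
    return store

def demo():
    weak = weak_store(PASSWORDS)
    leaked = weak["read-write"]  # value a read-only session could read from the file
    weak_result = weak_login(weak, "read-write", leaked)
    hard = hardened_store(PASSWORDS)
    leaked_verifier = hard["read-write"][1].hex()
    replay_result = hardened_login(hard, "read-write", leaked_verifier)
    legit_result = hardened_login(hard, "read-write", PASSWORDS["read-write"])
    return weak_result, replay_result, legit_result

if __name__ == "__main__":
    print(demo())
```

In the weak model the leaked hash authenticates directly; in the hardened model the leaked verifier is rejected while the real password still works.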


