CVE-2000-1037
Published 2000-12-11
Priority P423 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 3.35% (87.2th percentile)
Check Point Firewall-1 session agent 3.0 through 4.1 generates different error messages for invalid user names versus invalid passwords, which allows remote attackers to determine valid usernames and guess a password via a brute force attack.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| checkpoint | firewall-1 | — | — |
| checkpoint | firewall-1 | — | — |
| checkpoint | firewall-1 | — | — |
No detection rules found.
Exploit-DB
Check Point Software Firewall-1 3.0/1 4.0/1 4.1 - Session Agent Dictionary Attack (2)
exploitdb·2000-10-01
---
source: https://www.securityfocus.com/bid/1662/info
A vulnerability exists in all versions of the Check Point Session Agent, part of Firewall-1. Session Agent works in such a way that the firewall will establish a connection back to the client machine. Upon doing so, it will prompt for a username, and if the username exists, a password. Upon failure, it will reprompt indefinitely. This allows for a simple brute force attack against the username and password.
```bash
#!/bin/bash
#
# Fwsa (FW-1 session auth), tested on linux 2.4.0 beta
# ( Swiss army knife for FW-1 Session authentication. )
#
# successfully tested against Session Authentication Agents 4.0 & 4.1
# and Firewall-1 module 4.0
#
# please don't
```
Exploit-DB
Check Point Software Firewall-1 3.0/1 4.0/1 4.1 - Session Agent Dictionary Attack (1)
exploitdb·2000-08-15
---
source: https://www.securityfocus.com/bid/1662/info
A vulnerability exists in all versions of the Check Point Session Agent, part of Firewall-1. Session Agent works in such a way that the firewall will establish a connection back to the client machine. Upon doing so, it will prompt for a username, and if the username exists, a password. Upon failure, it will reprompt indefinitely. This allows for a simple brute force attack against the username and password.
```perl
#!/usr/bin/perl -w
#
# File : brute-fw1-agent.pl
# Author: Nelson Brito
#
# Untested code, use at your own risk.
#
use Socket;
$c = 0; $port = 261; #$proto = getprotobyname('tcp');
socket(FAGENT, PF_INET, SOCK_STREAM, getprotobyname("tcp"))
```
No writeups or analysis indexed.