Vulnerability Description
Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Checkpoint | Check Point Vpn | 1_4.1 |
| Checkpoint | Firewall-1 | 4.0 |
| Checkpoint | Next Generation | All versions |
References
- http://online.securityfocus.com/archive/1/260662Vendor Advisory
- http://www.iss.net/security_center/static/8423.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4253ExploitPatchVendor Advisory
- http://online.securityfocus.com/archive/1/260662Vendor Advisory
- http://www.iss.net/security_center/static/8423.phpPatchVendor Advisory
- http://www.securityfocus.com/bid/4253ExploitPatchVendor Advisory
FAQ
What is CVE-2002-0428?
CVE-2002-0428 is a vulnerability with a CVSS score of 7.5 (HIGH). Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows clients to bypass the "authentication timeout" by modifying the to_expire or expire values in the client's users.C configuration file.
How severe is CVE-2002-0428?
CVE-2002-0428 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2002-0428?
Check the references section above for vendor advisories and patch information. Affected products include: Checkpoint Check Point Vpn, Checkpoint Firewall-1, Checkpoint Next Generation.