Vulnerability Description
The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control permissions, which allows local users to gain privileges by reading and reusing the credentials.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Checkpoint | Vpn-1 Secureclient | ngai_r56 |
Related Weaknesses (CWE)
References
- http://digihax.com/Not Applicable
- http://secunia.com/advisories/28820Broken Link
- http://securityreason.com/securityalert/3627Broken Link
- http://www.securityfocus.com/archive/1/487735/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/27675Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1019317Broken LinkThird Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2008/0475Permissions Required
- https://usercenter.checkpoint.com/usercenter/portal/user/anon/page/supportCenterNot Applicable
- http://digihax.com/Not Applicable
- http://secunia.com/advisories/28820Broken Link
- http://securityreason.com/securityalert/3627Broken Link
- http://www.securityfocus.com/archive/1/487735/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
- http://www.securityfocus.com/bid/27675Broken LinkThird Party AdvisoryVDB Entry
- http://www.securitytracker.com/id?1019317Broken LinkThird Party AdvisoryVDB Entry
- http://www.vupen.com/english/advisories/2008/0475Permissions Required
FAQ
What is CVE-2008-0662?
CVE-2008-0662 is a vulnerability with a CVSS score of 7.8 (HIGH). The Auto Local Logon feature in Check Point VPN-1 SecuRemote/SecureClient NGX R60 and R56 for Windows caches credentials under the Checkpoint\SecuRemote registry key, which has Everyone/Full Control p...
How severe is CVE-2008-0662?
CVE-2008-0662 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-0662?
Check the references section above for vendor advisories and patch information. Affected products include: Checkpoint Vpn-1 Secureclient.