Check Point FireWall-1 OPSEC Authentication Bypass
Remote / Network Access
Loss of Confidentiality,
Loss of Integrity
Check Point FireWall-1 contains a flaw thta may allow a remote attacker to bypass authentication. The issue is due to a flaw in the OPSEC (FWN1) authentication implementation. If an attacker intiates an OPSEC connection the server sends a random number, hash of the number and a shared secret key. If the attacker takes this information and sends it back to the server, it will not require further authentication.
Upgrade to version 4.0 SP7, 4.1 SP2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.