[Original] The seed generation mechanism in the inter-module S/Key authentication mechanism in Check Point VPN-1/FireWall-1 4.1 and earlier allows remote attackers to bypass authentication via a brute force attack, aka "One-time (s/key) Password Authentication."
[CNNVD] Check Point VPN-1/FireWall inter-module S/Key authentication mechanism seed generation mechanism authentication bypass vulnerability (CNNVD-200011-066)
Check Point FireWall-1 Localhost Authentication Spoofing
Remote / Network Access
Loss of Confidentiality, Loss of Integrity
Check Point FireWall-1 contains a flaw that may allow a remote attacker to execute arbitrary commands or upload arbitrary configuration files. The issue is due to the firewall not explicitly requiring authentication from users coming from localhost (127.0.0.1). FireWall-1 filter modules obtain the client's IP address from the client data, not from the TCP connection. If the system is configured not to require authentication for localhost, a remote attacker can spoof this address and execute commands without further authentication.
Upgrade to version 4.0 SP7, 4.1 SP2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
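The trust decision described above, as an added example that is not Check Point code and does not reproduce the FireWall-1 protocol: a simplified model contrasting a check that reads the address from client data with one that reads it from the TCP connection, plus a mismatch check usable for detection. The `key=value` request format, the function names and the sample traffic are all constructed for illustration.

```python
import ipaddress

# Constructed policy: peers that may run management commands without authenticating.
NO_AUTH_PEERS = {ipaddress.ip_address("127.0.0.1")}

def parse_request(payload: bytes) -> dict:
    """Parse a constructed 'key=value;key=value' request (hypothetical format)."""
    pairs = (p.split("=", 1) for p in payload.decode("ascii").split(";") if "=" in p)
    return {k.strip(): v.strip() for k, v in pairs}

def needs_auth_flawed(peer_ip: str, payload: bytes) -> bool:
    """Flawed: decides on the address the client wrote into its own data."""
    claimed = parse_request(payload).get("src", peer_ip)
    return ipaddress.ip_address(claimed) not in NO_AUTH_PEERS

def needs_auth_hardened(peer_ip: str, payload: bytes) -> bool:
    """Hardened: decides only on the address of the TCP connection itself."""
    return ipaddress.ip_address(peer_ip) not in NO_AUTH_PEERS

def address_mismatch(peer_ip: str, payload: bytes) -> bool:
    """Detection: the self-reported address is malformed or differs from the peer."""
    claimed = parse_request(payload).get("src")
    if claimed is None:
        return False
    try:
        return ipaddress.ip_address(claimed) != ipaddress.ip_address(peer_ip)
    except ValueError:
        return True

# Constructed sample traffic: (TCP peer address, request bytes).
SAMPLES = [
    ("127.0.0.1", b"src=127.0.0.1;cmd=status"),
    ("203.0.113.7", b"src=127.0.0.1;cmd=load_policy"),
    ("198.51.100.4", b"src=198.51.100.4;cmd=status"),
]

if __name__ == "__main__":
    for peer, req in SAMPLES:
        print(peer, req.decode(),
              "flawed_needs_auth=%s" % needs_auth_flawed(peer, req),
              "hardened_needs_auth=%s" % needs_auth_hardened(peer, req),
              "mismatch=%s" % address_mismatch(peer, req))
```

Only the second sample separates the two checks: the flawed check waives authentication for it, while the hardened check requires it and the mismatch check flags it for review.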