Check Point VPN-1 SecuRemote/SecureClient Registry Information Disclosure
Local Access Required
Loss of Confidentiality
VPN-1 SecuRemote/SecureClient contains a flaw that may lead to an unauthorized password exposure. It is possible to gain access to encrypted passwords due to incorrect permissions on the HKLM/SOFTWARE/Checkpoint/SecureRemote/Credentials/ registry key, which may lead to a loss of confidentiality.
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
Disable the AutoLogon feature (disabled by default)