In association with heise online

13 February 2008, 09:22

Checkpoint's SecureClient reveals logon information

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

There is a vulnerability in the "Auto Local Logon" option of Checkpoint's SecureClient, which allows users to obtain the VPN logon information of other system users. The application stores credentials in the registry (HKLM\Software\Checkpoint\SecuRemote), without setting proper access rights. These may therefore be viewed by anyone. Systems affected are VPN-1 SecuRemote/SecureClient NGX R60 and NGAI R56 for Windows. An update fixes the problem.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit