Vigil@nce - Check Point Endpoint Security: brute force of Media Encryption EPM
December 2013 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
A local attacker can bypass the limit of number of authentication
failures of Media Encryption EPM of Check Point Endpoint Security,
in order to use a brute force attack, to access to the encrypted
device.
Impacted products: CheckPoint Endpoint Security
Severity: 2/4
Creation date: 03/12/2013
DESCRIPTION OF THE VULNERABILITY
The Media Encryption EPM Explorer product is used to access to
encrypted devices. It is impacted by two vulnerabilities.
An attacker can use several simultaneous instances of Unlock.exe,
in order to overcome the maximum limit of password trials.
[severity:2/4; BID-64026, CVE-2013-5635]
An attacker can move the DVREM.EPM file, in order to overcome the
maximum limit of password trials. [severity:2/4; BID-64024,
CVE-2013-5636]
A local attacker can therefore bypass the limit of number of
authentication failures of Media Encryption EPM of Check Point
Endpoint Security, in order to use a brute force attack, to access
to the encrypted device.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN