Vigil@nce - Check Point Endpoint Security MI: certificate not checked
January 2014 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/offer
SYNTHESIS OF THE VULNERABILITY
An attacker can access to the Check Point Endpoint Security MI
service, without using a certificate.
Impacted products: CheckPoint Endpoint Security
Severity: 2/4
Creation date: 20/12/2013
DESCRIPTION OF THE VULNERABILITY
The Endpoint Security MI Server R73 product can be configured to
validate certificates.
However, this configuration directive is ignored, so certificates
are not checked.
An attacker can therefore access to the Check Point Endpoint
Security MI service, without using a certificate.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Check-Point-Endpoint-Security-MI-certificate-not-checked-13968