Username is transmitted in the clear

Password is "encrypted" -- the encrypted password is 16 hex characters long.  I'm not a crypto person, is there a way to attack the algorithm if you have the clear-text and the cipher-text?

I have been looking at the various FW-1 connections recently.  A lot of information goes in the clear.  In addition to the username, the permissions that user has, what application (policy editor, system status, or log viewer) they are using, whether they are using a motif client, what the key-method used is, etc.

I got bored and hacked together some code that sits and watches the wire and logs information about the various FW-1 control connections it sees.

I guess the danger is that someone can identify the GUI-clients, identify which users have read-write access...

 

-iden_fw

>From: "Allan Pratt"<[EMAIL PROTECTED]>
>To: [EMAIL PROTECTED]
>Subject: [FW1] Is GUI <=> Mgmt. server session encrypted?
>Date: Thu, 22 Feb 2001 21:35:33
>
>
>Hello,
>
>When connecting from a GUI client to a Management Server, is the
>user name and password transmitted in the clear or is it encrypted?
>
>Thanks!
>
>/ap
>_________________________________________________________________
>Get your FREE download of MSN Explorer at http://explorer.msn.com
>
>
>
>================================================================================
> To unsubscribe from this mailing list, please see the
>instructions at
> http://www.checkpoint.com/services/mailing.html
>================================================================================

