From: Christopher Lyon (cslyon@netsvcs.com)
Date: Wed Jan 08 2003 - 19:53:00 EST
The version of IPSO that I am running 3.6 doesn't do what you are seeing
below. So I would suggest upgrading it. Also, if you are able to telnet
to the Nokia from the outside that is a bad thing! Since this box is
based on a UNIX/Linux variant it could potentially have a few issues
with enumeration and or issues with telnet or dictionary attacks. IPSO
is a hardened OS and is striped down to a basic level but there are a
few things still left on it. There are default accounts on the Nokia
they could be guessed. I would turn off telnet access, rename the
default accounts, rename fw1adm and enable SSH. SSH just to give a
little bit more security and the SSH daemon acts differently on bad user
names and passwords. I would also lock down outside access to this the
Nokia unless you need to remotely manage it. If you do need to manage it
I would at least put your IP's in an allow list and run your tests from
different addresses.
Hope that helps.
-----Original Message-----
From: Chris McNab [mailto:chris.mcnab@trustmatta.com]
Sent: Tuesday, January 07, 2003 4:55 PM
To: pen-test@securityfocus.com
Subject: Checkpoint FW-1 on Nokia - potential user enumeration bug?
Hey,
I was performing a pentest recently for a client, and found what seems
to be
a user enumeration bug within Nokia IPSO (unknown as to which version
and
patchlevel) running Checkpoint FW-1:
pipex-gw>telnet xxx.xxx.xxx.xxx
Trying xxx.xxx.xxx.xxx ... Open
IPSO (checkpointcharlie) (ttyp0)
login: root
Password:
Login incorrect
login: blah
Password:
Login incorrect
login: fw1adm
Password:
Password:
Login incorrect
login: fw1adm
Password:
Password:
Login incorrect
Login timed out after 300 seconds
[Connection to xxx.xxx.xxx.xxx closed by foreign host]
pipex-gw>
Obviously the fw1adm user exists, being the standard account under
FW-1..
but I was wondering if anyone had seen this before, or even if this
issue
had been addressed by Nokia?
Thanks,
Chris
Chris McNab
Technical Director
Matta Security Limited
18 Noel Street
London W1F 8GN
Tel: 08700 77 11 00
This e-mail was sent from Matta Security Limited. The information
contained
in this message is confidential, may be privileged, and is intended for
the
addressee(s) only. If you have received this message in error please
notify
the originator immediately. The unauthorised use, disclosure, copying or
alteration of this message is strictly forbidden. Matta Security Limited
does not warrant that any attachments are free from viruses or other
defects. Matta Security Limited will not be liable for direct, special,
indirect or consequential damages arising from alteration of the
contents of
this message by a third party or as a result of any virus being passed
on.
------------------------------------------------------------------------
---- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/ ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:26 EDT