Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attackers to bypass the device-locking protection mechanism by overwriting DVREM.EPM with a copy of itself after each few password guesses.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Endpoint_security | Checkpoint | e80 (including) | e80 (including) |
| Endpoint_security | Checkpoint | e80.10 (including) | e80.10 (including) |
| Endpoint_security | Checkpoint | e80.20 (including) | e80.20 (including) |
| Endpoint_security | Checkpoint | e80.30 (including) | e80.30 (including) |
| Endpoint_security | Checkpoint | e80.40 (including) | e80.40 (including) |
| Endpoint_security | Checkpoint | e80.41 (including) | e80.41 (including) |
| Endpoint_security | Checkpoint | e80.50 (including) | e80.50 (including) |
References
- http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt
- https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk96589
- http://www.digitalsec.net/stuff/explt+advs/CheckPoint_EndPoint_EPM_Explorer.txt
- https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=\u0026solutionid=sk96589