The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute-force attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ssl_network_extender | Checkpoint | r80.20 (including) | r80.20 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_10 (including) | r80.20-take_10 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_103 (including) | r80.20-take_103 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_117 (including) | r80.20-take_117 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_118 (including) | r80.20-take_118 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_127 (including) | r80.20-take_127 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_134 (including) | r80.20-take_134 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_135 (including) | r80.20-take_135 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_138 (including) | r80.20-take_138 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_141 (including) | r80.20-take_141 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_149 (including) | r80.20-take_149 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_155 (including) | r80.20-take_155 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_156 (including) | r80.20-take_156 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_160 (including) | r80.20-take_160 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_161 (including) | r80.20-take_161 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_17 (including) | r80.20-take_17 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_173 (including) | r80.20-take_173 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_183 (including) | r80.20-take_183 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_187 (including) | r80.20-take_187 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_188 (including) | r80.20-take_188 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_190 (including) | r80.20-take_190 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_202 (including) | r80.20-take_202 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_203 (including) | r80.20-take_203 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_205 (including) | r80.20-take_205 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_208 (including) | r80.20-take_208 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_210 (including) | r80.20-take_210 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_211 (including) | r80.20-take_211 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_220 (including) | r80.20-take_220 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_33 (including) | r80.20-take_33 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_42 (including) | r80.20-take_42 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_47 (including) | r80.20-take_47 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_73 (including) | r80.20-take_73 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_74 (including) | r80.20-take_74 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_80 (including) | r80.20-take_80 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_87 (including) | r80.20-take_87 (including) |
Ssl_network_extender | Checkpoint | r80.20-take_91 (including) | r80.20-take_91 (including) |
Ssl_network_extender | Checkpoint | r80.20sp (including) | r80.20sp (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_105 (including) | r80.20sp-take_105 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_121 (including) | r80.20sp-take_121 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_163 (including) | r80.20sp-take_163 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_178 (including) | r80.20sp-take_178 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_191 (including) | r80.20sp-take_191 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_210 (including) | r80.20sp-take_210 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_240 (including) | r80.20sp-take_240 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_258 (including) | r80.20sp-take_258 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_266 (including) | r80.20sp-take_266 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_273 (including) | r80.20sp-take_273 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_279 (including) | r80.20sp-take_279 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_283 (including) | r80.20sp-take_283 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_295 (including) | r80.20sp-take_295 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_302 (including) | r80.20sp-take_302 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_304 (including) | r80.20sp-take_304 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_305 (including) | r80.20sp-take_305 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_306 (including) | r80.20sp-take_306 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_309 (including) | r80.20sp-take_309 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_310 (including) | r80.20sp-take_310 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_313 (including) | r80.20sp-take_313 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_314 (including) | r80.20sp-take_314 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_315 (including) | r80.20sp-take_315 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_317 (including) | r80.20sp-take_317 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_326 (including) | r80.20sp-take_326 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_327 (including) | r80.20sp-take_327 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_331 (including) | r80.20sp-take_331 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_332 (including) | r80.20sp-take_332 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_334 (including) | r80.20sp-take_334 (including) |
Ssl_network_extender | Checkpoint | r80.20sp-take_335 (including) | r80.20sp-take_335 (including) |
Ssl_network_extender | Checkpoint | r80.30 (including) | r80.30 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_107 (including) | r80.30-take_107 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_111 (including) | r80.30-take_111 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_135 (including) | r80.30-take_135 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_136 (including) | r80.30-take_136 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_140 (including) | r80.30-take_140 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_155 (including) | r80.30-take_155 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_163 (including) | r80.30-take_163 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_166 (including) | r80.30-take_166 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_168 (including) | r80.30-take_168 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_180 (including) | r80.30-take_180 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_19 (including) | r80.30-take_19 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_191 (including) | r80.30-take_191 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_195 (including) | r80.30-take_195 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_196 (including) | r80.30-take_196 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_210 (including) | r80.30-take_210 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_213 (including) | r80.30-take_213 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_214 (including) | r80.30-take_214 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_215 (including) | r80.30-take_215 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_217 (including) | r80.30-take_217 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_219 (including) | r80.30-take_219 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_221 (including) | r80.30-take_221 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_226 (including) | r80.30-take_226 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_227 (including) | r80.30-take_227 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_228 (including) | r80.30-take_228 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_232 (including) | r80.30-take_232 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_235 (including) | r80.30-take_235 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_236 (including) | r80.30-take_236 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_237 (including) | r80.30-take_237 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_241 (including) | r80.30-take_241 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_242 (including) | r80.30-take_242 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_245 (including) | r80.30-take_245 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_246 (including) | r80.30-take_246 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_251 (including) | r80.30-take_251 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_254 (including) | r80.30-take_254 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_50 (including) | r80.30-take_50 (including) |
Ssl_network_extender | Checkpoint | r80.30-take_76 (including) | r80.30-take_76 (including) |
Ssl_network_extender | Checkpoint | r80.30sp (including) | r80.30sp (including) |
Ssl_network_extender | Checkpoint | r80.30sp-take_101 (including) | r80.30sp-take_101 (including) |
Ssl_network_extender | Checkpoint | r80.30sp-take_31 (including) | r80.30sp-take_31 (including) |
Ssl_network_extender | Checkpoint | r80.30sp-take_32 (including) | r80.30sp-take_32 (including) |
Ssl_network_extender | Checkpoint | r80.30sp-take_45 (including) | r80.30sp-take_45 (including) |
Ssl_network_extender | Checkpoint | r80.30sp-take_49 (including) | r80.30sp-take_49 (including) |
Ssl_network_extender | Checkpoint | r80.30sp-take_56 (including) | r80.30sp-take_56 (including) |
Ssl_network_extender | Checkpoint | r80.30sp-take_73 (including) | r80.30sp-take_73 (including) |
Ssl_network_extender | Checkpoint | r80.30sp-take_75 (including) | r80.30sp-take_75 (including) |
Ssl_network_extender | Checkpoint | r80.30sp-take_82 (including) | r80.30sp-take_82 (including) |
Ssl_network_extender | Checkpoint | r80.30sp-take_97 (including) | r80.30sp-take_97 (including) |
Ssl_network_extender | Checkpoint | r80.40 (including) | r80.40 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_100 (including) | r80.40-take_100 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_102 (including) | r80.40-take_102 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_114 (including) | r80.40-take_114 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_118 (including) | r80.40-take_118 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_119 (including) | r80.40-take_119 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_120 (including) | r80.40-take_120 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_121 (including) | r80.40-take_121 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_125 (including) | r80.40-take_125 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_126 (including) | r80.40-take_126 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_131 (including) | r80.40-take_131 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_138 (including) | r80.40-take_138 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_139 (including) | r80.40-take_139 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_150 (including) | r80.40-take_150 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_153 (including) | r80.40-take_153 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_154 (including) | r80.40-take_154 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_156 (including) | r80.40-take_156 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_158 (including) | r80.40-take_158 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_161 (including) | r80.40-take_161 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_172 (including) | r80.40-take_172 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_173 (including) | r80.40-take_173 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_25 (including) | r80.40-take_25 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_38 (including) | r80.40-take_38 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_45 (including) | r80.40-take_45 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_48 (including) | r80.40-take_48 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_53 (including) | r80.40-take_53 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_54 (including) | r80.40-take_54 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_55 (including) | r80.40-take_55 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_65 (including) | r80.40-take_65 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_67 (including) | r80.40-take_67 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_69 (including) | r80.40-take_69 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_74 (including) | r80.40-take_74 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_77 (including) | r80.40-take_77 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_78 (including) | r80.40-take_78 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_83 (including) | r80.40-take_83 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_87 (including) | r80.40-take_87 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_89 (including) | r80.40-take_89 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_91 (including) | r80.40-take_91 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_92 (including) | r80.40-take_92 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_93 (including) | r80.40-take_93 (including) |
Ssl_network_extender | Checkpoint | r80.40-take_94 (including) | r80.40-take_94 (including) |
Ssl_network_extender | Checkpoint | r81 (including) | r81 (including) |
Ssl_network_extender | Checkpoint | r81-take_10 (including) | r81-take_10 (including) |
Ssl_network_extender | Checkpoint | r81-take_11 (including) | r81-take_11 (including) |
Ssl_network_extender | Checkpoint | r81-take_13 (including) | r81-take_13 (including) |
Ssl_network_extender | Checkpoint | r81-take_17 (including) | r81-take_17 (including) |
Ssl_network_extender | Checkpoint | r81-take_23 (including) | r81-take_23 (including) |
Ssl_network_extender | Checkpoint | r81-take_25 (including) | r81-take_25 (including) |
Ssl_network_extender | Checkpoint | r81-take_27 (including) | r81-take_27 (including) |
Ssl_network_extender | Checkpoint | r81-take_29 (including) | r81-take_29 (including) |
Ssl_network_extender | Checkpoint | r81-take_34 (including) | r81-take_34 (including) |
Ssl_network_extender | Checkpoint | r81-take_36 (including) | r81-take_36 (including) |
Ssl_network_extender | Checkpoint | r81-take_42 (including) | r81-take_42 (including) |
Ssl_network_extender | Checkpoint | r81-take_44 (including) | r81-take_44 (including) |
Ssl_network_extender | Checkpoint | r81-take_51 (including) | r81-take_51 (including) |
Ssl_network_extender | Checkpoint | r81-take_56 (including) | r81-take_56 (including) |
Ssl_network_extender | Checkpoint | r81-take_58 (including) | r81-take_58 (including) |
Ssl_network_extender | Checkpoint | r81-take_60 (including) | r81-take_60 (including) |
Ssl_network_extender | Checkpoint | r81-take_65 (including) | r81-take_65 (including) |
Ssl_network_extender | Checkpoint | r81-take_68 (including) | r81-take_68 (including) |
Ssl_network_extender | Checkpoint | r81-take_69 (including) | r81-take_69 (including) |
Ssl_network_extender | Checkpoint | r81-take_72 (including) | r81-take_72 (including) |
Ssl_network_extender | Checkpoint | r81-take_74 (including) | r81-take_74 (including) |
Ssl_network_extender | Checkpoint | r81.10 (including) | r81.10 (including) |
Ssl_network_extender | Checkpoint | r81.10-take_14 (including) | r81.10-take_14 (including) |
Ssl_network_extender | Checkpoint | r81.10-take_22 (including) | r81.10-take_22 (including) |
Ssl_network_extender | Checkpoint | r81.10-take_30 (including) | r81.10-take_30 (including) |
Ssl_network_extender | Checkpoint | r81.10-take_38 (including) | r81.10-take_38 (including) |
Ssl_network_extender | Checkpoint | r81.10-take_44 (including) | r81.10-take_44 (including) |
Ssl_network_extender | Checkpoint | r81.10-take_45 (including) | r81.10-take_45 (including) |
Ssl_network_extender | Checkpoint | r81.10-take_55 (including) | r81.10-take_55 (including) |
Ssl_network_extender | Checkpoint | r81.10-take_61 (including) | r81.10-take_61 (including) |
Ssl_network_extender | Checkpoint | r81.10-take_66 (including) | r81.10-take_66 (including) |
Ssl_network_extender | Checkpoint | r81.10-take_75 (including) | r81.10-take_75 (including) |
Ssl_network_extender | Checkpoint | r81.10-take_78 (including) | r81.10-take_78 (including) |
Ssl_network_extender | Checkpoint | r81.10-take_9 (including) | r81.10-take_9 (including) |
Common protection mechanisms include:
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]