CVE-2022-23746

Improper Restriction of Excessive Authentication Attempts

Published: Nov 30, 2022 | Modified: Nov 21, 2024
CVSS 3.x: 7.5 HIGH (Source: NVD)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.

Weakness

The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.

Affected Software

Name Vendor Start Version End Version
Ssl_network_extender Checkpoint r80.20 (including) r80.20 (including)
Ssl_network_extender Checkpoint r80.20-take_10 (including) r80.20-take_10 (including)
Ssl_network_extender Checkpoint r80.20-take_103 (including) r80.20-take_103 (including)
Ssl_network_extender Checkpoint r80.20-take_117 (including) r80.20-take_117 (including)
Ssl_network_extender Checkpoint r80.20-take_118 (including) r80.20-take_118 (including)
Ssl_network_extender Checkpoint r80.20-take_127 (including) r80.20-take_127 (including)
Ssl_network_extender Checkpoint r80.20-take_134 (including) r80.20-take_134 (including)
Ssl_network_extender Checkpoint r80.20-take_135 (including) r80.20-take_135 (including)
Ssl_network_extender Checkpoint r80.20-take_138 (including) r80.20-take_138 (including)
Ssl_network_extender Checkpoint r80.20-take_141 (including) r80.20-take_141 (including)
Ssl_network_extender Checkpoint r80.20-take_149 (including) r80.20-take_149 (including)
Ssl_network_extender Checkpoint r80.20-take_155 (including) r80.20-take_155 (including)
Ssl_network_extender Checkpoint r80.20-take_156 (including) r80.20-take_156 (including)
Ssl_network_extender Checkpoint r80.20-take_160 (including) r80.20-take_160 (including)
Ssl_network_extender Checkpoint r80.20-take_161 (including) r80.20-take_161 (including)
Ssl_network_extender Checkpoint r80.20-take_17 (including) r80.20-take_17 (including)
Ssl_network_extender Checkpoint r80.20-take_173 (including) r80.20-take_173 (including)
Ssl_network_extender Checkpoint r80.20-take_183 (including) r80.20-take_183 (including)
Ssl_network_extender Checkpoint r80.20-take_187 (including) r80.20-take_187 (including)
Ssl_network_extender Checkpoint r80.20-take_188 (including) r80.20-take_188 (including)
Ssl_network_extender Checkpoint r80.20-take_190 (including) r80.20-take_190 (including)
Ssl_network_extender Checkpoint r80.20-take_202 (including) r80.20-take_202 (including)
Ssl_network_extender Checkpoint r80.20-take_203 (including) r80.20-take_203 (including)
Ssl_network_extender Checkpoint r80.20-take_205 (including) r80.20-take_205 (including)
Ssl_network_extender Checkpoint r80.20-take_208 (including) r80.20-take_208 (including)
Ssl_network_extender Checkpoint r80.20-take_210 (including) r80.20-take_210 (including)
Ssl_network_extender Checkpoint r80.20-take_211 (including) r80.20-take_211 (including)
Ssl_network_extender Checkpoint r80.20-take_220 (including) r80.20-take_220 (including)
Ssl_network_extender Checkpoint r80.20-take_33 (including) r80.20-take_33 (including)
Ssl_network_extender Checkpoint r80.20-take_42 (including) r80.20-take_42 (including)
Ssl_network_extender Checkpoint r80.20-take_47 (including) r80.20-take_47 (including)
Ssl_network_extender Checkpoint r80.20-take_73 (including) r80.20-take_73 (including)
Ssl_network_extender Checkpoint r80.20-take_74 (including) r80.20-take_74 (including)
Ssl_network_extender Checkpoint r80.20-take_80 (including) r80.20-take_80 (including)
Ssl_network_extender Checkpoint r80.20-take_87 (including) r80.20-take_87 (including)
Ssl_network_extender Checkpoint r80.20-take_91 (including) r80.20-take_91 (including)
Ssl_network_extender Checkpoint r80.20sp (including) r80.20sp (including)
Ssl_network_extender Checkpoint r80.20sp-take_105 (including) r80.20sp-take_105 (including)
Ssl_network_extender Checkpoint r80.20sp-take_121 (including) r80.20sp-take_121 (including)
Ssl_network_extender Checkpoint r80.20sp-take_163 (including) r80.20sp-take_163 (including)
Ssl_network_extender Checkpoint r80.20sp-take_178 (including) r80.20sp-take_178 (including)
Ssl_network_extender Checkpoint r80.20sp-take_191 (including) r80.20sp-take_191 (including)
Ssl_network_extender Checkpoint r80.20sp-take_210 (including) r80.20sp-take_210 (including)
Ssl_network_extender Checkpoint r80.20sp-take_240 (including) r80.20sp-take_240 (including)
Ssl_network_extender Checkpoint r80.20sp-take_258 (including) r80.20sp-take_258 (including)
Ssl_network_extender Checkpoint r80.20sp-take_266 (including) r80.20sp-take_266 (including)
Ssl_network_extender Checkpoint r80.20sp-take_273 (including) r80.20sp-take_273 (including)
Ssl_network_extender Checkpoint r80.20sp-take_279 (including) r80.20sp-take_279 (including)
Ssl_network_extender Checkpoint r80.20sp-take_283 (including) r80.20sp-take_283 (including)
Ssl_network_extender Checkpoint r80.20sp-take_295 (including) r80.20sp-take_295 (including)
Ssl_network_extender Checkpoint r80.20sp-take_302 (including) r80.20sp-take_302 (including)
Ssl_network_extender Checkpoint r80.20sp-take_304 (including) r80.20sp-take_304 (including)
Ssl_network_extender Checkpoint r80.20sp-take_305 (including) r80.20sp-take_305 (including)
Ssl_network_extender Checkpoint r80.20sp-take_306 (including) r80.20sp-take_306 (including)
Ssl_network_extender Checkpoint r80.20sp-take_309 (including) r80.20sp-take_309 (including)
Ssl_network_extender Checkpoint r80.20sp-take_310 (including) r80.20sp-take_310 (including)
Ssl_network_extender Checkpoint r80.20sp-take_313 (including) r80.20sp-take_313 (including)
Ssl_network_extender Checkpoint r80.20sp-take_314 (including) r80.20sp-take_314 (including)
Ssl_network_extender Checkpoint r80.20sp-take_315 (including) r80.20sp-take_315 (including)
Ssl_network_extender Checkpoint r80.20sp-take_317 (including) r80.20sp-take_317 (including)
Ssl_network_extender Checkpoint r80.20sp-take_326 (including) r80.20sp-take_326 (including)
Ssl_network_extender Checkpoint r80.20sp-take_327 (including) r80.20sp-take_327 (including)
Ssl_network_extender Checkpoint r80.20sp-take_331 (including) r80.20sp-take_331 (including)
Ssl_network_extender Checkpoint r80.20sp-take_332 (including) r80.20sp-take_332 (including)
Ssl_network_extender Checkpoint r80.20sp-take_334 (including) r80.20sp-take_334 (including)
Ssl_network_extender Checkpoint r80.20sp-take_335 (including) r80.20sp-take_335 (including)
Ssl_network_extender Checkpoint r80.30 (including) r80.30 (including)
Ssl_network_extender Checkpoint r80.30-take_107 (including) r80.30-take_107 (including)
Ssl_network_extender Checkpoint r80.30-take_111 (including) r80.30-take_111 (including)
Ssl_network_extender Checkpoint r80.30-take_135 (including) r80.30-take_135 (including)
Ssl_network_extender Checkpoint r80.30-take_136 (including) r80.30-take_136 (including)
Ssl_network_extender Checkpoint r80.30-take_140 (including) r80.30-take_140 (including)
Ssl_network_extender Checkpoint r80.30-take_155 (including) r80.30-take_155 (including)
Ssl_network_extender Checkpoint r80.30-take_163 (including) r80.30-take_163 (including)
Ssl_network_extender Checkpoint r80.30-take_166 (including) r80.30-take_166 (including)
Ssl_network_extender Checkpoint r80.30-take_168 (including) r80.30-take_168 (including)
Ssl_network_extender Checkpoint r80.30-take_180 (including) r80.30-take_180 (including)
Ssl_network_extender Checkpoint r80.30-take_19 (including) r80.30-take_19 (including)
Ssl_network_extender Checkpoint r80.30-take_191 (including) r80.30-take_191 (including)
Ssl_network_extender Checkpoint r80.30-take_195 (including) r80.30-take_195 (including)
Ssl_network_extender Checkpoint r80.30-take_196 (including) r80.30-take_196 (including)
Ssl_network_extender Checkpoint r80.30-take_210 (including) r80.30-take_210 (including)
Ssl_network_extender Checkpoint r80.30-take_213 (including) r80.30-take_213 (including)
Ssl_network_extender Checkpoint r80.30-take_214 (including) r80.30-take_214 (including)
Ssl_network_extender Checkpoint r80.30-take_215 (including) r80.30-take_215 (including)
Ssl_network_extender Checkpoint r80.30-take_217 (including) r80.30-take_217 (including)
Ssl_network_extender Checkpoint r80.30-take_219 (including) r80.30-take_219 (including)
Ssl_network_extender Checkpoint r80.30-take_221 (including) r80.30-take_221 (including)
Ssl_network_extender Checkpoint r80.30-take_226 (including) r80.30-take_226 (including)
Ssl_network_extender Checkpoint r80.30-take_227 (including) r80.30-take_227 (including)
Ssl_network_extender Checkpoint r80.30-take_228 (including) r80.30-take_228 (including)
Ssl_network_extender Checkpoint r80.30-take_232 (including) r80.30-take_232 (including)
Ssl_network_extender Checkpoint r80.30-take_235 (including) r80.30-take_235 (including)
Ssl_network_extender Checkpoint r80.30-take_236 (including) r80.30-take_236 (including)
Ssl_network_extender Checkpoint r80.30-take_237 (including) r80.30-take_237 (including)
Ssl_network_extender Checkpoint r80.30-take_241 (including) r80.30-take_241 (including)
Ssl_network_extender Checkpoint r80.30-take_242 (including) r80.30-take_242 (including)
Ssl_network_extender Checkpoint r80.30-take_245 (including) r80.30-take_245 (including)
Ssl_network_extender Checkpoint r80.30-take_246 (including) r80.30-take_246 (including)
Ssl_network_extender Checkpoint r80.30-take_251 (including) r80.30-take_251 (including)
Ssl_network_extender Checkpoint r80.30-take_254 (including) r80.30-take_254 (including)
Ssl_network_extender Checkpoint r80.30-take_50 (including) r80.30-take_50 (including)
Ssl_network_extender Checkpoint r80.30-take_76 (including) r80.30-take_76 (including)
Ssl_network_extender Checkpoint r80.30sp (including) r80.30sp (including)
Ssl_network_extender Checkpoint r80.30sp-take_101 (including) r80.30sp-take_101 (including)
Ssl_network_extender Checkpoint r80.30sp-take_31 (including) r80.30sp-take_31 (including)
Ssl_network_extender Checkpoint r80.30sp-take_32 (including) r80.30sp-take_32 (including)
Ssl_network_extender Checkpoint r80.30sp-take_45 (including) r80.30sp-take_45 (including)
Ssl_network_extender Checkpoint r80.30sp-take_49 (including) r80.30sp-take_49 (including)
Ssl_network_extender Checkpoint r80.30sp-take_56 (including) r80.30sp-take_56 (including)
Ssl_network_extender Checkpoint r80.30sp-take_73 (including) r80.30sp-take_73 (including)
Ssl_network_extender Checkpoint r80.30sp-take_75 (including) r80.30sp-take_75 (including)
Ssl_network_extender Checkpoint r80.30sp-take_82 (including) r80.30sp-take_82 (including)
Ssl_network_extender Checkpoint r80.30sp-take_97 (including) r80.30sp-take_97 (including)
Ssl_network_extender Checkpoint r80.40 (including) r80.40 (including)
Ssl_network_extender Checkpoint r80.40-take_100 (including) r80.40-take_100 (including)
Ssl_network_extender Checkpoint r80.40-take_102 (including) r80.40-take_102 (including)
Ssl_network_extender Checkpoint r80.40-take_114 (including) r80.40-take_114 (including)
Ssl_network_extender Checkpoint r80.40-take_118 (including) r80.40-take_118 (including)
Ssl_network_extender Checkpoint r80.40-take_119 (including) r80.40-take_119 (including)
Ssl_network_extender Checkpoint r80.40-take_120 (including) r80.40-take_120 (including)
Ssl_network_extender Checkpoint r80.40-take_121 (including) r80.40-take_121 (including)
Ssl_network_extender Checkpoint r80.40-take_125 (including) r80.40-take_125 (including)
Ssl_network_extender Checkpoint r80.40-take_126 (including) r80.40-take_126 (including)
Ssl_network_extender Checkpoint r80.40-take_131 (including) r80.40-take_131 (including)
Ssl_network_extender Checkpoint r80.40-take_138 (including) r80.40-take_138 (including)
Ssl_network_extender Checkpoint r80.40-take_139 (including) r80.40-take_139 (including)
Ssl_network_extender Checkpoint r80.40-take_150 (including) r80.40-take_150 (including)
Ssl_network_extender Checkpoint r80.40-take_153 (including) r80.40-take_153 (including)
Ssl_network_extender Checkpoint r80.40-take_154 (including) r80.40-take_154 (including)
Ssl_network_extender Checkpoint r80.40-take_156 (including) r80.40-take_156 (including)
Ssl_network_extender Checkpoint r80.40-take_158 (including) r80.40-take_158 (including)
Ssl_network_extender Checkpoint r80.40-take_161 (including) r80.40-take_161 (including)
Ssl_network_extender Checkpoint r80.40-take_172 (including) r80.40-take_172 (including)
Ssl_network_extender Checkpoint r80.40-take_173 (including) r80.40-take_173 (including)
Ssl_network_extender Checkpoint r80.40-take_25 (including) r80.40-take_25 (including)
Ssl_network_extender Checkpoint r80.40-take_38 (including) r80.40-take_38 (including)
Ssl_network_extender Checkpoint r80.40-take_45 (including) r80.40-take_45 (including)
Ssl_network_extender Checkpoint r80.40-take_48 (including) r80.40-take_48 (including)
Ssl_network_extender Checkpoint r80.40-take_53 (including) r80.40-take_53 (including)
Ssl_network_extender Checkpoint r80.40-take_54 (including) r80.40-take_54 (including)
Ssl_network_extender Checkpoint r80.40-take_55 (including) r80.40-take_55 (including)
Ssl_network_extender Checkpoint r80.40-take_65 (including) r80.40-take_65 (including)
Ssl_network_extender Checkpoint r80.40-take_67 (including) r80.40-take_67 (including)
Ssl_network_extender Checkpoint r80.40-take_69 (including) r80.40-take_69 (including)
Ssl_network_extender Checkpoint r80.40-take_74 (including) r80.40-take_74 (including)
Ssl_network_extender Checkpoint r80.40-take_77 (including) r80.40-take_77 (including)
Ssl_network_extender Checkpoint r80.40-take_78 (including) r80.40-take_78 (including)
Ssl_network_extender Checkpoint r80.40-take_83 (including) r80.40-take_83 (including)
Ssl_network_extender Checkpoint r80.40-take_87 (including) r80.40-take_87 (including)
Ssl_network_extender Checkpoint r80.40-take_89 (including) r80.40-take_89 (including)
Ssl_network_extender Checkpoint r80.40-take_91 (including) r80.40-take_91 (including)
Ssl_network_extender Checkpoint r80.40-take_92 (including) r80.40-take_92 (including)
Ssl_network_extender Checkpoint r80.40-take_93 (including) r80.40-take_93 (including)
Ssl_network_extender Checkpoint r80.40-take_94 (including) r80.40-take_94 (including)
Ssl_network_extender Checkpoint r81 (including) r81 (including)
Ssl_network_extender Checkpoint r81-take_10 (including) r81-take_10 (including)
Ssl_network_extender Checkpoint r81-take_11 (including) r81-take_11 (including)
Ssl_network_extender Checkpoint r81-take_13 (including) r81-take_13 (including)
Ssl_network_extender Checkpoint r81-take_17 (including) r81-take_17 (including)
Ssl_network_extender Checkpoint r81-take_23 (including) r81-take_23 (including)
Ssl_network_extender Checkpoint r81-take_25 (including) r81-take_25 (including)
Ssl_network_extender Checkpoint r81-take_27 (including) r81-take_27 (including)
Ssl_network_extender Checkpoint r81-take_29 (including) r81-take_29 (including)
Ssl_network_extender Checkpoint r81-take_34 (including) r81-take_34 (including)
Ssl_network_extender Checkpoint r81-take_36 (including) r81-take_36 (including)
Ssl_network_extender Checkpoint r81-take_42 (including) r81-take_42 (including)
Ssl_network_extender Checkpoint r81-take_44 (including) r81-take_44 (including)
Ssl_network_extender Checkpoint r81-take_51 (including) r81-take_51 (including)
Ssl_network_extender Checkpoint r81-take_56 (including) r81-take_56 (including)
Ssl_network_extender Checkpoint r81-take_58 (including) r81-take_58 (including)
Ssl_network_extender Checkpoint r81-take_60 (including) r81-take_60 (including)
Ssl_network_extender Checkpoint r81-take_65 (including) r81-take_65 (including)
Ssl_network_extender Checkpoint r81-take_68 (including) r81-take_68 (including)
Ssl_network_extender Checkpoint r81-take_69 (including) r81-take_69 (including)
Ssl_network_extender Checkpoint r81-take_72 (including) r81-take_72 (including)
Ssl_network_extender Checkpoint r81-take_74 (including) r81-take_74 (including)
Ssl_network_extender Checkpoint r81.10 (including) r81.10 (including)
Ssl_network_extender Checkpoint r81.10-take_14 (including) r81.10-take_14 (including)
Ssl_network_extender Checkpoint r81.10-take_22 (including) r81.10-take_22 (including)
Ssl_network_extender Checkpoint r81.10-take_30 (including) r81.10-take_30 (including)
Ssl_network_extender Checkpoint r81.10-take_38 (including) r81.10-take_38 (including)
Ssl_network_extender Checkpoint r81.10-take_44 (including) r81.10-take_44 (including)
Ssl_network_extender Checkpoint r81.10-take_45 (including) r81.10-take_45 (including)
Ssl_network_extender Checkpoint r81.10-take_55 (including) r81.10-take_55 (including)
Ssl_network_extender Checkpoint r81.10-take_61 (including) r81.10-take_61 (including)
Ssl_network_extender Checkpoint r81.10-take_66 (including) r81.10-take_66 (including)
Ssl_network_extender Checkpoint r81.10-take_75 (including) r81.10-take_75 (including)
Ssl_network_extender Checkpoint r81.10-take_78 (including) r81.10-take_78 (including)
Ssl_network_extender Checkpoint r81.10-take_9 (including) r81.10-take_9 (including)

Potential Mitigations

  • Common protection mechanisms include:

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

  • Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]

References