The IPsec VPN blade has a dedicated portal for downloading and connecting through SSL Network Extender (SNX). If the portal is configured for username/password authentication, it is vulnerable to a brute-force attack on usernames and passwords.
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it more susceptible to brute force attacks.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ssl_network_extender | Checkpoint | r81.10 | r81.10 |
Ssl_network_extender | Checkpoint | r81.10 | r81.10 |
Ssl_network_extender | Checkpoint | r81.10 | r81.10 |
Ssl_network_extender | Checkpoint | r81.10 | r81.10 |
Ssl_network_extender | Checkpoint | r81.10 | r81.10 |
Ssl_network_extender | Checkpoint | r81.10 | r81.10 |
Ssl_network_extender | Checkpoint | r81.10 | r81.10 |
Ssl_network_extender | Checkpoint | r81.10 | r81.10 |
Ssl_network_extender | Checkpoint | r81.10 | r81.10 |
Ssl_network_extender | Checkpoint | r81.10 | r81.10 |
Ssl_network_extender | Checkpoint | r81.10 | r81.10 |
Ssl_network_extender | Checkpoint | r81.10 | r81.10 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30sp | r80.30sp |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81.10 | r81.10 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r81 | r81 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.40 | r80.40 |
Ssl_network_extender | Checkpoint | r80.30sp | r80.30sp |
Ssl_network_extender | Checkpoint | r80.30sp | r80.30sp |
Ssl_network_extender | Checkpoint | r80.30sp | r80.30sp |
Ssl_network_extender | Checkpoint | r80.30sp | r80.30sp |
Ssl_network_extender | Checkpoint | r80.30sp | r80.30sp |
Ssl_network_extender | Checkpoint | r80.30sp | r80.30sp |
Ssl_network_extender | Checkpoint | r80.30sp | r80.30sp |
Ssl_network_extender | Checkpoint | r80.30sp | r80.30sp |
Ssl_network_extender | Checkpoint | r80.30sp | r80.30sp |
Ssl_network_extender | Checkpoint | r80.30sp | r80.30sp |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.30 | r80.30 |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20sp | r80.20sp |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Ssl_network_extender | Checkpoint | r80.20 | r80.20 |
Common protection mechanisms include:
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
Consider using libraries with authentication capabilities such as OpenSSL or the ESAPI Authenticator. [REF-45]