Security experts claim to have found two serious vulnerabilities in Checkpoint Firewall 1 which may offer hackers a back door into enterprise networks.
Security testing firm NTA Monitor released an advisory detailing the flaws, which highlight username guessing and data sniffing issues.
Affected versions of the firewall (4.0, 4.1, NG, NG FP1 and NG FP2) permit remote users to determine whether a username is valid without the need for its accompanying password.
This would allow hackers to guess valid usernames using a dictionary attack. NTA Monitor managed to check 10,000 names in two minutes 30 seconds during tests.
The firm also discovered that virtual private network (VPN) usernames are passed in the clear without encryption, allowing anyone who is able to sniff network traffic between VPN clients and the firewall to grab plain text usernames in transit.
This flaw lies with the Internet Key Exchange (IKE) encryption scheme and affects all Checkpoint Firewall 1 systems from version 4.0 onwards.
Roy Hills, technical director at NTA Monitor, said: "This leaves the back door to the enterprise wide open to hackers.
"The biggest problem is that it is not necessary to send a password to obtain a reply from the firewall.
"Given that both users and system administrators often choose weak passwords, it is likely that any attacker will be able to guess at least one password and thus gain access to the VPN.
"From there most configurations easily allow full access to the company's resources."
In response to NTA's findings, Checkpoint stated that it does not recommend the use of IKE in Aggressive mode because of limitations in the protocol, including passing usernames in clear text.
The company added that the second vulnerability, also linked to IKE, only exists in version 4.1.
By way of a workaround, Checkpoint has advised users to disable IKE Aggressive mode and use the encryption in Hybrid mode instead, which does not send usernames in plain text.
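One way to confirm the workaround has taken effect is to audit captured UDP/500 payloads for Aggressive mode exchanges that still carry an identity in the clear. The sketch below is an added example, not code from NTA Monitor or Checkpoint; it parses the standard ISAKMP header (RFC 2408), and the function names and sample packets are constructed for illustration.

```python
import struct

ISAKMP_HDR = struct.Struct("!8s8sBBBBII")  # RFC 2408 fixed header, 28 bytes
EXCHANGE = {2: "main", 4: "aggressive"}    # RFC 2408 exchange type values
PAYLOAD_ID = 5                             # Identification payload type
FLAG_ENCRYPTED = 0x01                      # payloads after the header are encrypted


def audit_ike_packet(data: bytes):
    """Return (mode, cleartext_identity_or_None) for an IKEv1 payload, else None."""
    if len(data) < ISAKMP_HDR.size:
        return None
    _, _, next_payload, version, exch, flags, _, length = ISAKMP_HDR.unpack_from(data)
    if version != 0x10 or not ISAKMP_HDR.size <= length <= len(data):
        return None                        # not IKEv1, or truncated
    mode = EXCHANGE.get(exch, f"other({exch})")
    if flags & FLAG_ENCRYPTED:
        return mode, None                  # identity, if present, is not readable
    offset = ISAKMP_HDR.size
    while next_payload != 0 and offset + 4 <= length:
        following, _, plen = struct.unpack_from("!BBH", data, offset)
        if plen < 4 or offset + plen > length:
            break                          # malformed payload chain
        if next_payload == PAYLOAD_ID and plen >= 8:
            # 4-byte generic header, then ID type, protocol, port, then the ID data
            return mode, data[offset + 8:offset + plen]
        next_payload, offset = following, offset + plen
    return mode, None


def _payload(next_type: int, body: bytes) -> bytes:
    return struct.pack("!BBH", next_type, 0, len(body) + 4) + body


def build_sample(exchange_type: int, flags: int, identity: bytes) -> bytes:
    """Constructed test packet: placeholder SA payload followed by an ID payload."""
    id_body = struct.pack("!BBH", 3, 17, 500) + identity   # ID_USER_FQDN, UDP, port 500
    body = _payload(PAYLOAD_ID, b"\x00" * 8) + _payload(0, id_body)
    total = ISAKMP_HDR.size + len(body)
    return ISAKMP_HDR.pack(b"\x11" * 8, b"\x00" * 8, 1, 0x10,
                           exchange_type, flags, 0, total) + body


if __name__ == "__main__":
    for name, pkt in [("aggressive", build_sample(4, 0, b"alice")),
                      ("main, encrypted", build_sample(2, FLAG_ENCRYPTED, b"alice"))]:
        print(name, "->", audit_ike_packet(pkt))
```

Any packet reported as `aggressive` with a non-empty identity indicates a client or gateway on which Aggressive mode is still enabled.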