This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Kryten
Collaborator
‎2024-11-14 12:17 AM

Local certificate shown on public IP

Hi all,

a customer of ours recently had a PenTest done. All went pretty well but one of the findings was a not-so-secure RSA lenght with a certificate on a public IP.

The IP in question is the main IP of the Check Point Cluster and the certificate shown is the local VPN certificate.

The strange thing: This customer does not have the Mobile Access Blade enabled, so is not using SSL-VPN or any Portal that would run on this IP. Also we found nothing else that would explain why we can do a TLS Handshake to this IP. Its also just the Handshake, as there is no connection after accepting the cert.
While searching we found that Usercheck was pointing to this IP, but that was the only thing we found (and changed to an internal IP of the cluster).

If there is no portal or other service offered by the Gateway on this IP address, why can a connection on Port 443 still be initiated? Is there a way to disable this?

 

 

Cheers, and thanks in advance for any hints!

0 Kudos
4 Replies
Danny
Champion Champion
Champion
‎2024-11-14 12:24 AM

HowTo: React on Check Point Information Disclosure

0 Kudos
Kryten
Collaborator
‎2024-11-14 04:52 AM
In response to Danny

That is an interesting read, thanks. I does not apply to our situation though, as the certificate in question gets shown on Port 443. We don't get anything here when trying for the ICA Ports...

0 Kudos
Ryan_Ryan
Advisor
‎2024-11-14 03:16 PM
In response to Kryten

Can you edit the gateway, platform portal, accessibility and change it to internal or policy and see if that closes the port?

 

also run "mpclient list" and see what services are running on 443

0 Kudos
PhoneBoy
Admin
Admin
‎2024-11-15 05:57 AM

You should probably adjust the implied rules that allow connectivity on port 443: https://support.checkpoint.com/results/sk/sk105740 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    In-Person

    Tue 18 Mar 2025 @ 09:30 AM (EET)

    CheckMates Live Greece
    In-Person

    Tue 25 Mar 2025 @ 09:00 AM (EDT)

    Canada In-Person Cloud Security with Hands-On CloudGuard Workshops!
    In-Person

    Tue 25 Mar 2025 @ 12:00 PM (MDT)

    Salt Lake City: CPX 2025 Recap
    In-Person

    Tue 08 Apr 2025 @ 12:00 PM (MDT)

    Denver: CPX 2025 Recap
    CheckMates Events