Kryten
Collaborator

Local certificate shown on public IP

Hi all,

a customer of ours recently had a PenTest done. All went pretty well, but one of the findings was a not-so-secure RSA length with a certificate on a public IP.

The IP in question is the main IP of the Check Point Cluster and the certificate shown is the local VPN certificate.

The strange thing: This customer does not have the Mobile Access Blade enabled, so is not using SSL-VPN or any Portal that would run on this IP. Also, we found nothing else that would explain why we can do a TLS Handshake to this IP. It's also just the Handshake, as there is no connection after accepting the cert.
While searching we found that Usercheck was pointing to this IP, but that was the only thing we found (and changed to an internal IP of the cluster).

If there is no portal or other service offered by the Gateway on this IP address, why can a connection on Port 443 still be initiated? Is there a way to disable this?

Cheers, and thanks in advance for any hints!

0 Kudos
4 Replies
Danny
Champion

0 Kudos
Kryten
Collaborator

That is an interesting read, thanks. It does not apply to our situation though, as the certificate in question gets shown on Port 443. We don't get anything here when trying the ICA Ports...
</gre_replace>
<gr_replace lines="48" cat="clarify" orig="also run">
Also run "mpclient list" and see what services are running on 443.

0 Kudos
Ryan_Ryan
Advisor

Can you edit the gateway, platform portal, accessibility and change it to internal or policy and see if that closes the port?

 

also run "mpclient list" and see what services are running on 443

0 Kudos
PhoneBoy
Admin
Admin

You should probably adjust the implied rules that allow connectivity on port 443: https://support.checkpoint.com/results/sk/sk105740 

0 Kudos
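An added example (not from the thread, not Check Point code): a standard-library-only Python check to run from outside before and after changing the portal accessibility or implied rules, recording whether the public IP still completes a TLS handshake on 443 and, if it does, the RSA modulus size of the presented certificate so the pentest finding can be re-verified. The host and port passed to `tls_probe` are placeholders; `constructed_cert` builds an unsigned, certificate-shaped DER only so the parser can be exercised offline.

```python
import socket, ssl

RSA_OID = bytes.fromhex("2a864886f70d010101")   # 1.2.840.113549.1.1.1 rsaEncryption

def tls_probe(host, port=443, timeout=5):
    # ("cert", DER bytes) if a handshake completes, else ("closed", reason).
    # Verification is off on purpose: we want to see what is served, not trust it.
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.check_hostname, ctx.verify_mode = False, ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw, \
                ctx.wrap_socket(raw, server_hostname=host) as tls:
            return "cert", tls.getpeercert(binary_form=True)
    except (OSError, ssl.SSLError) as exc:
        return "closed", str(exc)

def _parse(buf, start=0, end=None):
    # Recursively decode DER into a list of (tag, children) / (tag, value_bytes)
    out, pos, end = [], start, (len(buf) if end is None else end)
    while pos < end:
        tag, length, pos = buf[pos], buf[pos + 1], pos + 2
        if length & 0x80:                            # long-form length
            n = length & 0x7F
            length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
        val = _parse(buf, pos, pos + length) if tag & 0x20 else buf[pos:pos + length]
        out.append((tag, val)); pos += length
    return out

def rsa_modulus_bits(der):
    # Certificate -> tbsCertificate -> subjectPublicKeyInfo -> RSAPublicKey.modulus
    fields = _parse(der)[0][1][0][1]
    if fields[0][0] == 0xA0: fields = fields[1:]     # drop optional [0] EXPLICIT version
    alg, key = fields[5][1]                          # serial,sigAlg,issuer,validity,subject,SPKI
    if alg[1][0][1] != RSA_OID: return None          # not an RSA key (e.g. ECDSA)
    modulus = _parse(key[1], 1)[0][1][0][1]          # BIT STRING: skip unused-bits byte
    return int.from_bytes(modulus, "big").bit_length()   # < 2048 is the usual finding

def _der(tag, body):
    # Minimal DER encoder (lengths < 65536), used only for the constructed fixture
    n = len(body)
    ln = bytes([n]) if n < 128 else (bytes([0x81, n]) if n < 256 else b"\x82" + n.to_bytes(2, "big"))
    return bytes([tag]) + ln + body

def constructed_cert(bits):
    # Constructed, unsigned certificate skeleton carrying an RSA key of `bits` size
    modulus = _der(0x02, b"\x00" + (1 << (bits - 1)).to_bytes(bits // 8, "big"))
    key = _der(0x30, modulus + _der(0x02, b"\x01\x00\x01"))
    spki = _der(0x30, _der(0x30, _der(0x06, RSA_OID) + b"\x05\x00") + _der(0x03, b"\x00" + key))
    empty = _der(0x30, b"")                          # placeholder sigAlg/issuer/validity/subject
    tbs = _der(0x30, _der(0xA0, _der(0x02, b"\x02")) + _der(0x02, b"\x01") + empty * 4 + spki)
    return _der(0x30, tbs + empty + _der(0x03, b"\x00"))
```

Against the real gateway, `tls_probe("<public-ip>")` returning `"closed"` after the change confirms the port no longer answers; a `"cert"` result fed to `rsa_modulus_bits` gives the key size the pentesters flagged.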
