This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
George_Casper
Collaborator
‎2022-11-08 01:42 PM

Microsoft Kerberos & NetLogon Changes November 8, 2022 Announcements


Does Checkpoint have any response with compatibility guidelines or issues regarding Microsoft's Kerberos & NetLogon changes announced today?   See links below.  Anything with Identity Awareness, Identity Connector, LDAP Lookup & VPN Authentication, etc...? 

 

5 Replies
PhoneBoy
Admin
Admin
‎2022-11-09 05:51 PM

To the best of my knowledge, the only thing that MIGHT be impacted is transparent (browser) auth via Identity Awareness.
@Royi_Priov would know for sure.

0 Kudos
Liel_Shaish
Employee
Employee
‎2022-11-14 05:34 AM

Hi,

Identity Awareness Kerberos flows and AD-Query were analyzed and tested. No issues were found or reported.
We are still missing an indication on Microsoft side that configuration was applied correctly. We will try to verify it with Microsoft support.  



Thanks,
Liel Shaish, RnD Group Manager 

0 Kudos
EmanueleM
Explorer
‎2023-03-30 02:36 AM
In response to Liel_Shaish

Good morning Liel, can you officially confirm that there are no potential issues?

Best regards

Emanuele

0 Kudos
Wolfgang
MVP Gold
MVP Gold
‎2023-04-03 12:59 AM
In response to Liel_Shaish

Are there any news regarding this issue ? How about SSO authentication via Kerberos with Identity Agent on windows machine ? Are we safe without changes ?

0 Kudos
EmanueleM
Explorer
‎2023-04-03 02:07 AM
In response to Wolfgang

Hi Wolfgang, last week I opened a SR to Check Point support and this was their answer:

Official response from RnD:
According to the R & D team, CVE-2022-38023 and  CVE-2022-37967 are part of Microsoft configuration (Kerberos server and windows server). Checkpoint gateways are not affected by these protocol changes. The only blade which listens to such traffic is Identity Awareness. The identity Awareness blade was analyzed and tested  in response to Protocol Change CVE-2022-38023 and CVE-2022-37967 and no issues were found or reported

Regards

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events