This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Laurent_Maland1
Explorer
‎2018-09-07 06:13 AM

RemoteAccess Users view password or export accounts

Hi everbody

I have some RemoteAccess users (30) authentified by "Check Point Password" on a Firewall. I need to create some same users (6) on another Firewall (not the same management). Is it possible to view in clear the 6 passwords or to export/import the 6 accounts (name/password).

Thank you for your help.

Laurent

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2018-09-09 12:58 AM

You should be able to do it with dbedit with something like "show users username".

A hash of the password will be exported (not the clear text)--not sure if that can be imported into another system (haven't tried it yet).

0 Kudos
JozkoMrkvicka
Authority
Authority
‎2018-09-09 06:06 AM
In response to PhoneBoy

Well, This is how it looks on R77.30 (no hash, no plain-text password):

dbedit> print users admin

Object Name: admin
Object UID: {9813617A-70C8-4DF6-ADA6-A4BD87FCE69B}
Class Name: user
Table Name: users
Last Modified by: admin
Last Modified from: 
Last Modification time: Sun Sep 9 08:18:44 2018
Fields Details
--------------
accessible_from_smc: true
admin_expiration_base_data: admin (
expiration_date: 31-dec-2030
expiration_date_method: expire at
expiration_date_visual_notif: true
)
administrator: false
administrator_profile: NULL
auth_method: Internal Password
color: black
comments:
connection_state: uninitialized
creation_date: 8/27/2018
days: 127
destinations: Name: Any (Table: globals)
email:
expiration_according_to_global_def: true
expiration_visual_indication_mgmt: true
fromhour: 00:00
generic_profile: false
generic_profile_settings: (
<NULL>
)
groups: Name: TESTING (Table: users)
internal_password: Sensitive Info Removed
name: admin
notdelete: false
phone_number:
radius_server: Name: Any (Table: globals)
sic_identifier: (
id_type: ip_addr
id_value:
)
sic_name:
sources: Name: Any (Table: globals)
tacacs_server: Name: Any (Table: globals)
tohour: 23:59
type: user
use_fw_radius_if_exist: true
userc: (
FWZ: (
<NULL>
)
IKE: (
isakmp.authmethods: signatures
isakmp.data.integrity: SHA1
isakmp.encmethods: DES 3DES
isakmp.encryption: 3DES
isakmp.hashmethods: MD5 SHA1
isakmp.shared.secret:
isakmp.transform: ESP
)
accept_track: Name: Auth (Table: tracks)
use_global_encryption_values: true
)

And from GuiDBedit:

So the password (in hash), must be stored in some database.

Kind regards,
Jozko Mrkvicka
0 Kudos
JozkoMrkvicka
Authority
Authority
‎2018-09-09 06:52 AM

R77.30:

The hashes for Remote Access users should be stored in following file:

/var/opt/CPsuite-R77/fw1/conf/fwauth.NDB

The hashes (internal_password) are 13 characters long.

But maybe the better way how to accomplish your plan (to export users) is to use migrate export utility from management.

Kind regards,
Jozko Mrkvicka
0 Kudos
Laurent_Maland1
Explorer
‎2018-09-10 12:17 AM
In response to JozkoMrkvicka

Hi

Thank you for the information about dbedit. If I use the migrate export utility how can I import the 6 users account only in the other Firewall ?

Regards

Laurent

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events