SIC one time passwords
I encountered a problem today connecting a Spark to a central management server, in that the SIC one-time password that I'd set on the management server contained a question mark, and that caused a problem when trying to use it in CLI commands.
(maybe using a password generator wasn't such a good idea, and keeping it simple would be better)
However, this got me thinking, is there a definition for the requirement of the SIC one time password, as far as, how many characters, what mix is required and importantly what characters are not allowed?
I don't recall seeing one, and searching this evening hasn't turned up anything, so I was wondering if anyone else is aware of a definition?
As far as I know there is no minimal requirement. SIC is a one-time thing only: when SIC is set, certificates are used for communication.
Why the question mark did not work I am not sure; it could be a bug (I would recommend checking the version you have installed).
It could also be user error (no offense), so if someone could reproduce it, it is worth checking and reporting as a bug.
If you like this post please give a thumbs up (kudo)! 🙂
It's probably not a bug. BASH treats the question mark character as a one-character wildcard in file names. To get it to treat the question mark literally, you need to either escape it with a backslash (not ideal, since then you might need to escape the backslash as well at some point) or enclose the whole string in ticks (technically prime marks, also commonly called single quotes).
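The glob behaviour described above, as an added example that is not part of the thread and not Check Point tooling: `receive_password` is a constructed stand-in for any CLI that takes the one-time password as an argument, and the files `ab1`/`ab2` are constructed so that a password like `ab?` has something to match. It also shows why the problem is intermittent: an unmatched glob is passed through literally, so the same password works or fails depending on what files happen to be in the current directory.

```shell
#!/bin/sh
# Added example: how an unquoted "?" in a SIC one-time password is expanded
# by the shell as a one-character filename wildcard, and how single quotes
# stop that. receive_password is a hypothetical stand-in for a real CLI.

# Reports what the command actually received: argument count and first argument.
receive_password() {
    printf '%d:%s' "$#" "${1-}"
}

# Wrap a string in single quotes so the shell passes it through literally.
# An embedded single quote is written as '\'' (close, escaped quote, reopen).
single_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Run CMDLINE (a string, as if typed at a prompt) inside a scratch directory
# holding constructed files "ab1" and "ab2", which a glob like "ab?" matches.
# Prints whatever receive_password reported.
run_in_scratch_dir() {
    cmdline=$1
    tmpdir=$(mktemp -d) || return 1
    touch "$tmpdir/ab1" "$tmpdir/ab2"
    out=$(cd "$tmpdir" && eval "$cmdline")
    rm -rf "$tmpdir"
    printf '%s' "$out"
}

# Unquoted: "ab?" is expanded against the files, so the command sees two
# arguments ("ab1" and "ab2") and the real password never arrives.
unquoted_result() {
    run_in_scratch_dir 'receive_password ab?'
}

# Single-quoted: the shell passes the three-character string through as-is.
quoted_result() {
    run_in_scratch_dir "receive_password $(single_quote 'ab?')"
}

# A password that matches no file is passed unchanged (sh and bash leave an
# unmatched glob literal by default), which is why the failure is intermittent.
unmatched_result() {
    run_in_scratch_dir 'receive_password zz?'
}

main() {
    echo "unquoted  : $(unquoted_result)"    # 2:ab1
    echo "quoted    : $(quoted_result)"      # 1:ab?
    echo "unmatched : $(unmatched_result)"   # 1:zz?
}

main "$@"
```

When pasting a generated password into any shell command, wrapping it in single quotes (as `single_quote` does) is the one rule that covers `?`, `*`, `[...]`, `$` and spaces alike; a backslash only protects the single character it precedes.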
That would be solved if you performed the SIC reset via the web interface of the firewall 😉
On Gaia Embedded I always reset via the web interface.
If you like this post please give a thumbs up (kudo)! 🙂
Yes, this is why the question mark didn't work for me!
The SIC password is only used once: when trust is established to the management.
It does not need to be complex (i.e. containing "special characters") but you can make it long.
This is a particularly good idea if you're deploying gateways automatically with cloud-init (relevant for CloudGuard Network instances).
How long the password can be...not entirely sure.
I know some people may disagree when I say this, but honestly, I always say to people you can easily use 1234 for the SIC password, since it's a one-time password AND, on top of that, it's encrypted, so really no need to be complex. I am fairly certain the minimum is 4 characters, not sure about max length though.
Andy
Like you, I would normally use a simple password for SIC, but the password policy is very strict on this site so I tried to conform to that and it bit me!
Lesson learned, but the reason for this post was to see if there was actually a definition of what the SIC password must / must not contain, as I couldn't find anything.
Most likely the reason this isn't documented is because this issue hasn't come up before, given the one-time nature of SIC passwords.
And don't forget this useful sk:
https://support.checkpoint.com/results/sk/sk109148
Akos
\m/_(>_<)_\m/
