- Products
- Learn
- Local User Groups
- Partners
-
More
Join Us for CPX 360
23-24 February 2021
Important certificate update to CloudGuard Controller, CME,
and Azure HA Security Gateways
How to Remediate Endpoint & VPN
Issues (in versions E81.10 or earlier)
IDC Spotlight -
Uplevel The SOC
Important! R80 and R80.10
End Of Support around the corner (May 2021)
When installing a Check Point 80.40 it sets the default password hash algorithm to MD5.
I want to change it to SHA512 and do that via the clish command line with this command:
firewall> set password-controls password-hash-type SHA512
Then I can set the admin password hash with the new "standard" hash algorithm to the same password as i had before:
firewall> set user admin password
New password: ***************
Verify new password: ***************
TIP: To be allowed to set the same password as you had before you might need to run this first (Just remember to turn that one on again after the change to ensure passwords are not reused if you need that for compliance reasons):
set password-controls history-checking false
I can alternatively set the password using the hash instead:
firewall> set user admin password-hash $6$rounds=10000$RoVKjytn$rz.nZFj2dkCX9381mfYiWiGbpp5R35XCAPIBo5.UVN/lUEwEsJ/oWRMXwVFPwufEYW4xJDd4ZZ9nkFVcrDQi..
TIP Also remember to run " save config "
My question is:
But how do I set the expert password with a hash ( so I can script / automate my installations ) ?
firewall> set expert-password-hash $6$rounds=10000$RoVKjytn$rz.nZFj2dkCX9381mfYiWiGbpp5R35XCAPIBo5.UVN/lUEwEsJ/oWRMXwVFPwufEYW4xJDd4ZZ9nkFVcrDQi..
GAIA9999 Invalid Salted Hash
I also did not figure out where the expert encrypted password is stored - do any one here know how to retrieve it ?
Link to SK for changing password hashing algorithm ( for gaia OS 😞
# https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...
TIP: The encrypted password for the users are stored in the local file called /etc/shadow
If you cat that file or run "grep admin /etc/shadow | cut -d: -f-2" from the expert command line, then you can see what type of encryption/hashing algorithm the users password starts with a $ sign and a number
Running the command dbget passwd:admin:passwd could also be used to show a users hashed password ( in this example the admin user)
Look for if it starts with $1, $5 or $6 - it will tell you what encryption or hashing algorithm they were created with.
# ID | Method
# ───────────────────────────────────────────────
# $1 | MD5
# $2 | (2a) Blowfish (not in mainline glibc; added in some Linux distributions)
# $5 | SHA-256 (since glibc 2.7)
# $6 | SHA-512 (since glibc 2.7)
# ───────────────────────────────────────────────
Best regards
Keld Norman
Hi,
You can find the hashed password for users in /etc/shadow .
It would seem that if you activate SHA256 it breaks.
If you activate SHA512 every command works as expected.
Think Checkpoint will need to revisit the feature who generates SHA256 hash.
It still works in R80.20 but after that it looks like trouble.
You said "I also did not figure out where the expert encrypted password is stored - do any one here know how to retrieve it?"
-> It is stored in the Gaia configuration database (/config/initial (plain-text) and /config/initial_db (SQLite v3)). You can retrieve it from expert shell with
dbget expertpwd:PWD
About CheckMates
Learn Check Point
Advanced Learning
WELCOME TO THE FUTURE OF CYBER SECURITY