This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
C_H
Participant
Participant
2 weeks ago
Jump to solution

Special Character change in R81.20 JHF 96

Hello Everyone,

I recently came across the limitation described in https://support.checkpoint.com/results/sk/sk183201:

After installing JHF96+ for R81.20, a "." (dot) in a username is a problem for WebUI Login and logging in with a username with a dot  no longer works (SSH is unaffected of this).

To be fair, I checked the documentation and only "-" and "_" are mentioned as allowed special characters in usernames (I looked in the GAiA Admin Guide R80.40, R81, R81.10 and R81.20), but I know several environments where dots are used in the admin name concept and have worked without problems so far

What are your opinions?

 

Best Regards

Colin

 

1 Solution

Accepted Solutions
Ambar
Employee
Employee
2 weeks ago
Jump to solution

Hi Colin, the agenda here is enhance the security for GAiA portal

The option for this is the enforce your environment and align the users

View solution in original post

9 Replies
Ambar
Employee
Employee
2 weeks ago
Jump to solution

Hi Colin, the agenda here is enhance the security for GAiA portal

The option for this is the enforce your environment and align the users

joerivang
Explorer
2 weeks ago
In response to Ambar
Jump to solution

Within our environment and our naming convention, we have dots in our admin usernames.

Enforcing and aligning this in an enterprise where 5k+ accounts have this character in the username is easier said than done. So we'll have to figure something out at the moment.. as the naming convention will not change because one vendor decided otherwise.

(2)
joth
Participant
Participant
2 weeks ago
In response to joerivang
Jump to solution

Hi, denying dots in usernames is really a bad idea. The dot is one of the most used separators in usernames. I know already of some customers, which are affected by this. Implementing 2FA for the Gaia WebUI is great, but I don't see why this limits the set of allowed charcters in the username.

Changing the usernames in a company with thousands of accounts is a major change. 

CP RnD could you please check again, if you can remove this limitation? Otherwise there will be issues with a lot of customers in the next months.

BR

joth

(1)
the_rock
Legend
Legend
2 weeks ago
In response to joth
Jump to solution

I agree with you, for sure. I also believe that limitation should be removed.

Andy

(1)
C_H
Participant
Participant
2 weeks ago
In response to Ambar
Jump to solution

Hi Ambar,

Yes, security is important, but from my point of view, a very widespread username concept (usernames with a dot) was made unusable in favor of a new feature (TOTP 2FA for GAiA) or rather its security.

We know that many of our customers use a dot in their usernames, which is nothing unusual from our point of view.

If I had to guess, this will become a bigger issue in the future, as the installbase of R81.20 JHF 96+ is currently not that big.

 

Best Regards

Colin

 

(1)
Stephan_Scholz
Participant
2 weeks ago
In response to C_H
Jump to solution

I agree that this is a very bad idea. Using dots in username is typical and widespread. Even though this is obviously limited to Gaia web GUI, it's simply a bad idea. This will affect many environmentsa and they are in for a bad surprise.

(2)
Ambar
Employee
Employee
2 weeks ago
In response to Stephan_Scholz
Jump to solution

Hi, I'll start with that we are taking internally the option for you to enable "." 

as this affects only GAiA portal non local users, the affect of modification shouldn't be such extensive as the access to GAiA portal should be limited and not for the entire organization 

the_rock
Legend
Legend
2 weeks ago
In response to Ambar
Jump to solution

@Ambar 

Just my logical suggestion...I can totally see where @C_H @joth @joerivang are coming from. If you think about it, say company even with 100 users, let alone 1000s, that is a HUMONGOUS change. 

If CP could offer customers say custom fix for the time being and then have this corrected in later jumbo, that would probably be okay with clients who have lots of users with . in their Gaia usernames.

Anyway, something to consider...

Andy

0 Kudos
(1)
the_rock
Legend
Legend
2 weeks ago
Jump to solution

I noticed that too when I installed it in the lab, but figured must have been something I did. Glad to know its by design.

Andy

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events