Computer Security

Watchguard Firebox user enumeration
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Watchguard Firebox user enumeration
Published:15.04.2008
Source:SECURITEAM
SecurityVulns ID:8904
Type:remote
Level:4/10
Description:Error code is different for invalid username and password for PPTP MS-CHAPv2 authentication.
CVE:CVE-2008-1618 (The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes during depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames.)
Original documentdocumentSECURITEAM, [NEWS] Watchguard Firebox PPTP VPN User Enumeration Vulnerability (15.04.2008)
Discuss:Read or add your comments to this news (0 comments)
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru