Authentication Flaw in Check Point VPN-1 Product by Check Point
CVE-2001-1499

Currently unrated

Key Information:

Vendor: Checkpoint
Status: Vpn-1
Vendor: CVE Published:; 31 December 2001

What is CVE-2001-1499?

The Check Point VPN-1 product, specifically version 4.1SP4, exhibits a notable security issue where it reveals different error messages for valid and invalid user authentication attempts. This discrepancy in feedback prompts provides remote attackers with critical information that can be exploited to conduct brute force attacks. The varying error responses linked to different authentication methods enhance the risk of unauthorized access, necessitating immediate attention to mitigate potential exploitation.

References

http://www.securityfocus.com/bid/3470

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/222366

mailing-listx_refsource_BUGTRAQ

https://exchange.xforce.ibmcloud.com/vulnerabilities/7343

vdb-entryx_refsource_XF

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability Reserved
Jun 21, 2005
Vulnerability published
Dec 31, 2001

Checkpoint

What is CVE-2001-1499?

References

Timeline