Authentication Flaw in F5 FirePass Reveals Valid Usernames
CVE-2007-0195

Currently unrated

Key Information:

Vendor: F5
Status: Vendor
CVE Published: 12 January 2007

Summary

The my.activation.php3 file in F5 FirePass versions 5.4 to 6.0 returns different error messages for login attempts with valid and invalid usernames. This inconsistency allows remote attackers to infer which LDAP accounts are valid. With the legitimate usernames confirmed, attackers can conduct targeted brute-force attacks more effectively.

Timeline

  • Vulnerability published

  • Vulnerability Reserved