Authentication Flaw in F5 FirePass Reveals Valid Usernames
CVE-2007-0195
Currently unrated
Summary
The my.activation.php3 file in F5 FirePass versions 5.4 to 6.0 returns different error messages for login attempts with valid and invalid usernames. This difference allows remote attackers to infer which LDAP accounts are valid. With usernames confirmed as legitimate, attackers can target brute-force attacks at real accounts only, which makes those attacks more effective.