Username Enumeration Vulnerability in Symantec Enterprise Firewall
CVE-2007-4422

Currently unrated

Key Information:

Vendor: Symantec
Status: Enterprise Firewall
Vendor: CVE Published:; 18 August 2007

Summary

The login interface of Symantec Enterprise Firewall 6.x exhibits a vulnerability when VPN with pre-shared key (PSK) authentication is enabled. This flaw allows remote attackers to discern valid usernames through varied responses from the system based on username validity. Such enumeration opens the door for potential brute-force attacks or unauthorized access attempts, posing a significant risk to network security.

References

http://secunia.com/advisories/26511

third-party-advisoryx_refsource_SECUNIA

http://www.securitytracker.com/id?1018578

vdb-entryx_refsource_SECTRACK

http://www.securityfocus.com/bid/25338

vdb-entryx_refsource_BID

Timeline

Vulnerability published
Aug 18, 2007
Vulnerability Reserved
Aug 18, 2007