CVE-2007-4422

Currently unrated

Key Information:

Vendor
Symantec
Vendor
CVE Published:
18 August 2007

Summary

The login interface in Symantec Enterprise Firewall 6.x, when a VPN with pre-shared key (PSK) authentication is enabled, generates different responses depending on whether or not a username is valid, which allows remote attackers to enumerate valid usernames.

References

EPSS Score

80% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.