User Enumeration Flaw in Watchguard Firebox VPN Service
CVE-2008-1618

Currently unrated

Key Information:

Vendor

Watchguard

Status
Firebox Pptp Vpn
Vendor
CVE Published:
7 April 2008

What is CVE-2008-1618?

The PPTP VPN service in Watchguard Firebox versions prior to 10 is vulnerable due to improper handling of error responses during the MS-CHAPv2 authentication handshake. This vulnerability allows remote attackers to determine which usernames are valid by observing the differing error messages generated for valid and invalid usernames. Exploiting this issue could lead to further attacks or unauthorized access as attackers can compile a list of valid usernames for targeted exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

http://www.mwrinfosecurity.com/publications/mwri_watchgua...
x_refsource_MISC
http://www.osvdb.org/44218
vdb-entryx_refsource_OSVDB
http://www.vupen.com/english/advisories/2008/1152/references
vdb-entryx_refsource_VUPEN

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.