User Enumeration Flaw in WatchGuard Firebox VPN Service
CVE-2008-1618
Currently unrated
Summary
The PPTP VPN service in WatchGuard Firebox versions prior to 10 handles error responses improperly during the MS-CHAPv2 authentication handshake: it generates different error messages for valid and invalid usernames. A remote attacker who observes these differing messages can determine which usernames are valid. A list of valid usernames compiled this way could then be used for further attacks or unauthorized access.
References
Timeline
Vulnerability published
Vulnerability reserved