Описание
The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames.
The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-1618
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41683
- http://secunia.com/advisories/29708
- http://www.mwrinfosecurity.com/publications/mwri_watchguard-firebox-pptp-vpn-user-enumeration-advisory_2008-04-04.pdf
- http://www.osvdb.org/44218
- http://www.securityfocus.com/bid/28619
- http://www.securitytracker.com/id?1019796
- http://www.vupen.com/english/advisories/2008/1152/references
Связанные уязвимости
The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames.