Описание
The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames.
Ссылки
- Vendor Advisory
- ExploitPatch
- Vendor Advisory
- Vendor Advisory
- ExploitPatch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:watchguard:firebox_pptp_vpn:4.9:*:*:*:*:*:*:*
cpe:2.3:a:watchguard:firebox_pptp_vpn:5.0:*:*:*:*:*:*:*
EPSS
Процентиль: 69%
0.0061
Низкий
5 Medium
CVSS2
Дефекты
CWE-200
Связанные уязвимости
github
почти 4 года назад
The PPTP VPN service in Watchguard Firebox before 10, when performing the MS-CHAPv2 authentication handshake, generates different error codes depending on whether the username is valid or invalid, which allows remote attackers to enumerate valid usernames.
EPSS
Процентиль: 69%
0.0061
Низкий
5 Medium
CVSS2
Дефекты
CWE-200